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Hackers Beating 
Efforts to Patch 
Software Flaws 


Rapid attacks via Windows 2000 hole prompt a 
calls for broader IT security mechanisms \ 
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The speed at which arian plug-and-play compo- 
hackers are taking advan- ? nent of Windows 2000. 
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agers and analysts. eral Electric Co., when hackers 
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to quickly exploit new flaws. acutely aware of the need to Utility Merges Call Centers, savings. 
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“At Nissan, we expect to save at least $135 million annually 
thanks to the efficiencies that Windows Server 2003 and 
Exchange Server 2003 are helping us achieve.” 


Toshihiko Suda 
Senior Manager, Nissan Motor Company, Ltd. 
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Windows 
Server System 


Make a name for yourself with Windows Server System. 
An upgrade to Microsoft Windows Server System 
made it possible for 50,000 worldwide employees 
at Nissan Motor Company to have more secure 
remote access to their e-mail and calendars 
from any Internet connection, without the hassle 
and expense of a VPN. Here’s how: By deploying 
Windows Server 2003 and Exchange 2003, not only 
did Nissan IT meet the CEO's demand for better globai 
collaboration, they expect to save at least $135 million 
by streamlining their messaging infrastructure 
To get the full Nissan story or find a Microsoft 
Certified Partner, go to microsoft.com/wssystem 
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Water Returns to 
The Data Center 


In the Technology section: As server heat loads in- 
crease, vendors are reintroducing water cooling op- 
tions as a supplement to computer room air handling 
systems — and stoking old fears. Page 28 
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6 “Spear phishing,” in which 
customized e-mail attacks 
solicit confidential data, is 
a growing threat, say security 
analysts, who recommend 
end-user education as a cure. 


French security researchers 
report a flaw that can be 
exploited via the Internet 
Explorer browser; Microsoft 
says it’s investigating. 


The Interex user group seeks 
bankruptcy protection after 

shutting its doors and cancel- 
ing its HP World conference. 


The H-1B visa cap is likely to 
be controversial again this 
year, as IT trade groups lobby 
Congress for a higher limit. 


Novell’s ZENworks adds life- 
cycle management capabili- 
ties for Linux systems and 
supports Windows PC man- 
agement from a Linux server. 


Sabre Holdings plans to re- 
place a 15-year-old EDI system 
with a set of Web services. 


Open-source vendor JBoss 
aims a migration program 
at users of BEA’s WebLogic 
application server. 


Global Dispatches: The cost 
of PC components rises, but 
analysts predict that PC prices 
won't; and a $500 million proj- 
ect is launched to boost broad- 
band in West Africa. 


Telecommuting is appealing 
because of high fuel prices, and 


employers say they’re ready for 3 


an increase in remote workers. 
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apps move into the main- 
stream, enabling call centers 
to improve service levels. 


30 Future Watch: Power Play. 


Researchers at Los Alamos 
and elsewhere are finding 
ways to keep CPU power up 
and energy consumption and 
heat down. 
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tor circuits go nanotech; how 
the loom led to punch cards; 
and spamming for oil. 


: 32 Security Manager’s Journal: 


Intellectual Property Is Focus 
at New Job. Mathias Thur- 
man starts a new job witha 
big challenge: to block em- 
ployees from taking intellec- 
tual property and setting up 
competing consultancies. 
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: 37 Managers’ Forum. How does 





a busy IT leader learn to say 
no? Paul Glen has a suggestion, 
along with other advice, plus 
feedback from one reader. 


: 38 Grating Expectations. When 


customers develop the wrong 
expectations for an IT project, 
everyone loses. Here’s what 
you can do about it. 


40 Career Watch. CIO Andrew 


Armishaw of HSBC offers IT 
career advice. Plus, a study 
gauges how confident IT 
workers are about their job 
prospects, and a poll shows 
that interest in computer 
science continues to wane. 


On the Mark: Mark Hall re- 
ports that broadband over 
power lines is gathering mo- 
mentum despite objections 
by ham radio users and some 
public safety pros who de- 
pend on nearby frequencies. 


20 Don Tennant believes that 
Chinese Premier Wen Jiabao 
was mistaken when he pre- 
dicted “the Asian century of 
the IT industry.” 


20 Bruce A. Stewart shows how 
to get more out of the infor- 
mation side of IT. 


Michael H. Hugos has to re- 
consider some of the harsh 
opinions that he, as a CIO, has 
harbored about accountants. 


33 Robert L. Mitchell notes that 
experts think it’s inevitable 
that viruses will one day be 
able to destroy a computer by 
altering its microcode. So why 
haven’t we seen more of them? 


Paul Ingevaldson says one 
type of CIO doesn’t fit all 
companies. He has some 
advice for CEOs about how 
to choose the right one. 


46 Frankly Speaking: Frank 
Hayes wonders when vendors 
will get serious about eliminat- 
ing buffer overflow problems. 
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Offshoring 101: Protect Yourself 
CAREERS: Robert Half Technology’s Kather- 
ine Spencer Lee offers some tips for maxi- 
mizing your marketability to take advantage 
of the opportunities related to offshoring at 


your company. @ QuickLink 56062 


Lessons Learned From 
Corporate Security Breaches 
OPINION: Privacy columnist Jay Cline pro- 
vides a five-point agenda for preventing the 
kind of information security breaches that 
are triggering big headlines and legislation. 
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SOFTWARE: The research community was 
good enough to create and oversee the Inter- 
net, says grid pioneer Ian Foster. So why are 
some vendors claiming that academic grid 
software isn’t good enough for corporate IT? 
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Infrastructure Going? 

WEBCAST: EMC’s Mark Lewis says that 
managers should tackle storage virtualiza- 
tion projects by first identifying storage pain 
points before attempting practical innova- 
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Air Force Notifies 
33,000 of Hack 


ing more than 33,000 airmen of 
a security breach in its online 


Assignment Management System, | 


which includes career and per- 
sonal information of personnel. 
Officials said someone illicitly 
entered the system using a legiti- 
mate user’s password and ac- 
cessed information on an undis- 
closed number of officers. 


Sun Creates New 
Open-Source Office 


Sun Microsystems Inc. has creat- 
ed a new office to coordinate its 
open-source projects and ap- 
pointed longtime Sun technology 
evangelist Simon Phipps to over- 
see the effort as chief open- 
source officer. Phipps has been 
performing the duties of that job 
for about two years. The move 
marks the first time Sun has put 
an executive in charge of ail of its 
open-source projects. 


Intel Offers New 
Training in India 

Intel Corp. and training company 
NIIT Ltd. have agreed to create 
specialized training to help soft- 
ware developers in India learn 
about Intel architectures. The pro- 
gram, offered in labs at 10 NIT 
training centers in India, will ini- 
tially focus on multicore process- 
ing. In three years, Intel expects 
to extend the program to at least 
50,000 students. 


Qualcomm Buying 
Mobile Tool Supplier 


Qualcomm Inc. plans to buy Elata 
Ltd., a maker of mobile content- 
delivery software, for $57 million 
in cash. Qualcomm said it will 
integrate Elata’s software with 
its own Brew technology, which 
acts as a “virtual marketplace” 
between content providers and 
mobile operators. Elata’s products 
support standards like Java, the 
Wireless Application Protocol and 
the Open Mobile Alliance’s DRM. 
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| Little technology available to combat 
targeted e-mail scams, say experts 





BY JAIKUMAR VIJAYAN 
O-CALLED spear-phish- 
ing attacks — cus- 
tomized spoof e-mails 
that appear to come 

from trusted sources and ask 

| recipients to part with confi- 

dential information — pose a 

dangerous and emerging 

threat to organizations. 

There are no mature techni- 
cal solutions to the problem, 
so IT must emphasize educa- 
| tion, security experts said dur- 
ing a telephone briefing on the 
topic last week. 





The briefing for federal and 
state security managers was 
organized by the SANS Insti- 
tute, a security research com- 
pany in Bethesda, Md. 

“Phishing has become so 
sophisticated that it has be- 
come one of our top [security] 
concerns,” said William Pel- 
grin, director of the New York 
State Office of Cyber Security 
and Critical Infrastructure Co- 
ordination (CSCIC) in Albany. 

Spear-phishing attacks are 
similar to regular phishing 
scams in that they try to lure 


Training Needed to Halt 
‘Spear-Phishing’ Attacks 


The U.S. Air Force said it is notify- | 


| victims into sharing confiden- 
| tial data or downloading Tro- 
jan horse programs. However, 
spear phishing is far more tar- 
geted, and the e-mails are 
much more customized than 
regular phishing missives. 


| Firewall Killers 


The volume of e-mail in a 
spear-fishing attack is much 
lower than it is in a regular 
phishing exploit, making 
spear-fishing scams more dif- 
ficult to detect. 

Alan Paller, director of re- 
search at the SANS Institute, 
described spear-fishing inci- 
dents as “firewall-killer at- 
tacks” that can be as effective 





Affects only 


systems with the 
| Msdds.dll file 


BY ROBERT McMILLAN 
An unpatched vulnerability in 
a file used within Microsoft 
Corp.'s Office and Visual Stu- 
dio software could enable at- 
tackers to seize control of sys- 
tems via the Internet Explorer 
browser, security researchers 
in France reported last week. 
The disclosure prompted 
Microsoft to issue a security 
advisory saying that it was 
“aggressively investigating” 
the reported flaw. But the soft- 
ware vendor also took the re- 
searchers to task, saying that 
the possible vulnerability “was 
not disclosed responsibly, po- 
tentially putting computer 
users at risk” because of the 
lack of an available patch. 
Microsoft said the situation 
involves a Component Object 
Model object called the 
Microsoft DDS Library Shape 
Control, or Msdds.dll. The 
object isn’t shipped as part of 
Windows by default; it isn’t 








Microsoft Investigates 
Reported Browser Flaw 


designated as safe for script- 
ing uses; and it isn’t intended 
to be used within IE, accord- 
ing to the advisory. 

However, the French Securi- 
ty Incident Response Team 
(FrSIRT) said a memory-cor- 
ruption error in the Msdds.dll 
file could be exploited by at- 
tackers who place malicious 
code on Web pages displayed 
in Microsoft's Web browser. 
The Montpellier, France-based 
research organization gave the 
flaw a “critical” rating, al- 
though it noted that only sys- 
tems containing Msdds.dll 
would be vulnerable. 

The Msdds.dll file is used 
by developers to create cus- 
tomized Office applications, 
said Russ Cooper, editor of the 
NTBugtraq mailing list and an 
analyst at Cybertrust Inc. in 
Herndon, Va. Cooper said dur- 
ing an instant messaging ex- 
change that he doesn’t think 
the file has been installed on a 
large number of Windows sys- 
tems and that he isn’t very 
concerned about possible ex- 
ploits of the vulnerability. 

Microsoft said it wasn’t 


aware of any attacks trying to 
take advantage of the flaw re- 
ported by the FrSIRT. The 
vendor, which added that 
Msdds.dll can also be used 
within Visual Studio to visual- 
ize database objects, said it 
will decide whether a patch 

| is needed after completing its 
investigation of the flaw. 

Microsoft suggested work- 
arounds that it said could 
block known attack mecha- 
nisms. For example, the com- 
pany said IT managers could 
use the Windows registry file 
to disable Msdds.dll from run- 
ning in IE or unregister it from 
the operating system. 

In a related matter, about a 
dozen Web sites have cropped 
up that try to take advantage 
of a flaw in IE’s JPEG render- 
ing engine, said Dan Hubbard, 
senior director of security and 
research at Websense Inc. in 
San Diego. Microsoft patched 
that hole on Aug. 9 as part of 
its monthly security updates. 

Attackers are increasingly 
using IE instead of e-mail 
viruses to seize control of sys- 
tems, Hubbard said. “E-mail is 
just not as effective as it used 
to be,” he noted. @ 56335 


McMillan writes for the 
IDG News Service. 
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as “unsecured wireless for go- 
ing through the perimeter.” 
E-mail authentication tech- 

nologies can help alleviate the 
problem, said Dave Jevans, 

chairman of the Anti-Phishing 
Working Group in Cambridge, 
Mass. But many relevant stan- 
dards are immature, and avail- 


| able technologies can require 


large upgrades to e-mail infra- 
structures. Thus, user educa- 
tion and training are impor- 
tant, Pelgrin said. 

In a mock phishing scenario 
conducted between March 
and May, the New York CSCIC 
sent spoofed e-mails to about 
10,000 employees across five 
state agencies, trying to trick 
users into surrendering their 
passwords. More than 75% 
of the recipients opened the 
e-mail, 17% followed the link, 
and 15% attempted to enter 
their passwords, Pelgrin said. 

In an exercise two months 
later — after users were edu- 
cated about the technique — 
only 8% of respondents 
opened the e-mail, Pelgrin said. 

The U.S. Military Academy 
at West Point has conducted 
similar phishing exercises 
over the past few years and 
has seen a decline in the num- 
ber of users who fall for them. 

At the same time, the num- 
ber of recipients reporting in- 
cidents of suspicious e-mail 
has gradually risen, showing 
that more people are aware of 
the problem, said Aaron Fer- 
guson, an assistant professor 
in West Point’s department of 
electrical engineering and 
computer science. @ 56330 


Spear-Phishing Test 


a mock phishing exercise across 
® Of the nearly 10,000 e-mails 
that were sent, at least 75% of 
them were opened. 


= 17% of the recipients followed 
them to a false site. 


® 15% of the e-mail recipients 


attempted to interact with a 
fake password form onthe site 
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Interex Seeks Bankruptcy Protection After Shutdown 


HP user group faced steep revenue 
drop in the past year, court filing says 





BY PATRICK THIBODEAU 

After abruptly pulling the plug 
on its operations in July, the 
Interex user group this month 
filed for bankruptcy protec- 
tion, citing plummeting rev- 
enue and increasing debt. 

The Sunnyvale, Calif.-based 
organization for users of Hew- 
lett-Packard Co.’s systems re- 
ported total liabilities of just 
over $4 million, in documents 
filed at the U.S. Bankruptcy 
Court for the Northern Dis- 
trict of California in San Jose. 

Interex shut down last 
month and canceled its HP 
World conference, which was 
due to be held last week in San 
Francisco [QuickLink 55740]. 
The user group, which 
claimed to have about 100,000 
members, offered no explana- 
tion for the closure beyond a 
statement that it was “finan- 
cially necessary.” Interex 
board members contacted by 
Computerworld have declined 
to discuss the events that led 
to the shutdown. 

But the Chapter 7 bankrupt- 
cy petition that was filed Aug. 
ll provides some insights. 

In 2003, Interex brought in 
nearly $8 million from its con- 
ferences, publications and 
membership fees, according to 
the court papers. Last year, 
when HP announced that it 
would hold its own user con- 
ference starting this Septem- 
ber, Interex’s revenue fell to 
$6.4 million — a 20% decline. 

From Jan. 1 to Aug. 8 of this 
year, the user group recorded 
just $713,409 in revenue, the 
bankruptcy filing said. 

HP World was its chief 
source of revenue, but Interex 
faced a decline in trade-show 
bookings. Sources blamed 
competition from HP’s up- 
coming conference and a gen- 
eral decline in interest among 
IT vendors in exhibiting at 
user conferences. 

The court filing shows that 
Ronald Evans, the user group’s 
executive director, was paid 
$214,676 from August 2004 





through the end of last month, 
including a payment of $43,746 
that was made in July. How- 
ever, his biweekly salary 
dropped from $8,925 to $7,140 
in the first five pay periods of 
that time frame. 

The final payment to Evans 
may have been required under 
the terms of his contract or as 
part of a severance deal, said 
one source. In addition, the 
user group still owes Evans 
$8,255.80, according to the 
bankruptcy filing. 

Four Interex board members 
last week either didn’t return 
calls, wouldn’t comment on 





Falling Fortunes 


2003 : 2004 : 2005* 
* Through Aug. 8 
any issues or said they could 


not discuss matters relating to 
the bankruptcy because of the 


Congress Faces Renewed 
Fight Over H-1B Visa Limits 


Cap for FY ’06 is 
reached; IT groups 


lobby for increase 


BY PATRICK THIBODEAU 
High-tech trade groups will 
likely again push Congress to 
increase the H-1B visa cap, af- 
ter the government said this 
month that it has already re- 
ceived enough petitions to 
reach the limit of 65,000 new 
visas set for the fiscal year 
that starts Oct. 1. 

The Aug. 10 cutoff date for 
fiscal 2006 visa petitions was 
the earliest one ever for the 
controversial program and 
marked the first time that the 
application process has been 
closed prior to the start of a 
fiscal year. 

The early cutoff, which was 
officially announced two days 
after it took effect, means that 
some U.S. employers may 
have to wait more than a year 
before they can bring in addi- 
tional H-1B workers. 

“It’s becoming increasingly 
difficult for the best talent in 
the world to come to the U.S.,” 
said John Palafoutas, vice 
president of the Washington- 








based trade group AEA. 
Palafoutas said IT industry 
groups have been meeting 
with congressional leaders “to 
figure out what’s the best way 
to proceed on the issue.” 

It’s possible that a “market- 
based” solution could be craft- 
ed that would include auto- 
matic triggers to increase the 
cap if there was a strong de- 
mand for H-1B visas, he added. 


‘Significant’ Boost Eyed 
Trade groups aren’t specifying 
how much of an increase they 
may seek in the visa limit. But 
any expansion of the cap 
“should be significant,” said 
Bob Cohen, a spokesman for 
the Information Technology 
Association of America in Ar- 
lington, Va. “I think it’s a real 
problem, and the longer we 
put off addressing it, the less 
competitive we will be.” 

Vic Goel, an immigration at- 
torney in Greenbelt, Md., said 
the quick exhaustion of the 
fiscal 2006 H-1B allotment 
“obviously should be taken 
as a sign that we don’t have 
enough visas” available — 
especially with the U.S. econ- 
omy doing well. 








ongoing court proceedings. 

Evans couldn’t be reached 
by phone, and an e-mail that 
was forwarded to him by an 
Interex board member didn’t 
draw a response. 


Future in Doubt 
As far as the future of Interex 
is concerned, Denys Beauche- 
min, an IT consultant who is 
the user group’s vice chair- 
man, said he doubts that any 
new organization will emerge 
from its ashes. 

“HP wants to control every- 


thing, and there is no room for | 


Interex or anything like that,” 
Beauchemin said. 

However, the three other in- 
dependent HP user groups 
said in the wake of Interex’s 


But H-1B critic Ron Hira, 
who is vice president of career 
activities at IEEE-USA, ques- 
tioned claims that reaching 
the cap so soon indicates a 
need for more visas. 

Hira, who is also an assis- 
tant professor of public policy 
at the Rochester Institute of 
Technology in Rochester, N-Y., 
noted that the fiscal 2006 limit 
has been hit before companies 
have even hired any new 
workers. 

“It seems to indicate that 
companies are planning ahead 
for positions that don’t exist 
right now, which highlights 
the fact that, contrary to con- 
ventional wisdom, they aren’t 
searching for Americans first,” 
Hira said. 

Employers aren’t complete- 
ly out of H-1B options. An ad- 
ditional 20,000 visas became 
available in May for the cur- 
rent fiscal year, and a similar 
number will be offered in fis 
cal 2006. But Congress has 
limited those visas to foreign 
workers who have advanced 
degrees from U.S. universities. 

As of early this month, the 
US. Citizenship and Immigra- 
tion Services (USCIS) had re- 
ceived 10,379 advanced-degree 
petitions for fiscal 2005 and 
another 8,000 or so for next 
year, according to spokesman 


| Christopher Bentley. 








collapse that they remain on 


| solid financial footings. One of 


those groups, Chicago-based 
Encompass, will jointly man- 
age HP Technology Forum 
2005, the new HP-sponsored 
conference scheduled to begin 


| Sept. 12 in New Orleans. 


Jim Becker, an Encompass 
board member and lead sys- 
tems engineer at the Urban 
Institute, a Washington think 
tank, said a key goal of the up- 
coming conference “is to put 
real users and real experts in 
the room together.” 

Becker said the conference’s 
IT focus “will probably be 
halfway between the tactical 
and strategic.” Many of the 
expected attendees are “the 
chief influencers” who gather 
data used to help executives 
make IT decisions, he added. 


@ 56332 


Cap Numbers 


The current H-1B visa limit is 
65,000 per fiscal year, plus 
20,000 for workers with 
master’s degrees or higher 
from U.S. universities. 


FINE PRINT: 6,800 of the 
regular visas are set aside for 
workers from Singapore and 
Chile under trade 


Pee eesereseseseessesseeses 


PREVIOUS LIMIT: 195,000 in 


Cece eee seceeeseseseessesee 


ANOTHER OPTION: Congress 
this year approved the E-3 visa 
program, which makes 10,500 
visas similar to the H-1B available 
to Australian citizens. 


Hira charged that if U.S. 
companies truly are in need of 
highly skilled foreign workers, 
the extra visas set aside for 
graduate students schooled in 
the U.S. would have been 
snapped up quickly. 

“If they were hiring the best 
and brightest, that would be 
the first category to go,” he 
said. 

The USCIS will use a com- 
puter to randomly select ap- 
plications from the visa peti- 
tions received by Aug. 10 until 
the fiscal 2006 cap allotment 
is met, Bentley said. All of the 
remaining petitions will be re- 
jected by the agency. @ 56328 
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Agilent Sells Chip 
Unit, LED Stake 


Agilent Technologies inc. plans 
to sell its semiconductor product 
division to Kohlberg Kravis 
Roberts & Co. and Silver Lake 
Partners for $2.66 billion. Agilent 
unloaded the chip business to 
focus on its core test and mea- 
surement operations. Agilent also 
agreed to sell its stake in LED 
display maker Lumileds Lighting 
LLC to Philips Electronics NV for 
$950 million. 


HP to Resell Emulex 
Host Bus Adapters 


Hewlett-Packard Co. has agreed 
to resell Emulex Corp. Fibre Chan- 
nel host bus adapters (HBA) with 
its blade servers. Emulex has a 
similar agreement with IBM, 
which resells the storage net- 
working company’s HBAs with 

its eServer BladeCenter servers. 
HP also resells HBAs from Emulex 
rival QLogic Corp. 


Intel Paxville Chips 
To Ship Early 


Intel Corp. plans to release its 
dual-core, hyperthreaded Xeon 
and Xeon MP processors, code- 
named “Paxville,” later this year. 
The chips were due to ship in 
2006. Intel said the move was 
possible because development is 
ahead of schedule. intel’s hyper- 
threading technology enables a 
single dual-core processor to run 
four threads at the same time. 


U.K. Updates IT 
Procurement Rules 


The U.K. has updated its guide- 
lines for government IT procure- 
ment contracts, bringing them 
into line with European regula- 
tions that prohibit the public sec- 
tor from discriminating against 
vendors in invitations for bids. 
The guidelines state that requests 
for bids for processors, PCs and 
other equipment must use generic 
terms and not request specific 
brands or clock speeds. 





NEWS 


C ONTHEMARK 
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Electric Grid . . . 
. .. becomes infrastructure for data networks. Broadband 
over power lines (BPL), the ability to transmit data, 
voice and video over standard electrical power lines, 


has long angered many ham radio operators who 
claim that BPL interferes with their ability to trans- 


mit or receive signals. 
BPL has also alarmed 
some, such as the As- 
sociation of Public- 
Safety Communica- 
tions Officials Inter- 
national, whose mem- 
bers depend on radio 
spectrum near BPL 
transmission frequencies. 
And Lawrence Spiwak, presi- 
dent of the Phoenix Center 
for Advanced Legal and Eco- 
nomic Policy Studies in 
Washington and a former 
general counsel at the FCC, 
says, “Most power companies 
don’t think BPL is ready for 
prime time because they are 
very sensitive about protect- 
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ing grid reliability.” 

Despite this wide- 
spread skepticism, 
BPL has gotten some 
big boosts lately. The 
Federal Communica- 
tions Commission has 
changed its rules to 
“foster broadband de- 
ployment using the signifi- 
cantly untapped capabilities 
of the nation’s power grid.” 
Last month, Google Inc. and 
Goldman Sachs & Co. invest- 
ed $100 million in German- 
town, Md.-based Current 
Communications Group LLC, 
which sells BPL gear and 
partners with utility compa- 
nies to offer Internet access 
over power lines. And this 
month, the Texas legislature 
passed regulations to encour- 
age BPL, and the California 
Public Utilities Commission 
is considering approving BPL 
pilot projects there. 

Perhaps most important 
is the ongoing deployment 
of the Current Technologies 
LLC unit’s products on 
Cinergy Corp.'s grid near 
50,000 homes in Hamilton 
County, Ohio. Kathy Meinke, 








a spokeswoman for the 
Cincinnati utility, says that 
95% of the “thousands of 
users” rate the Internet ac- 
cess service as satisfactory. 
She adds that there have been 
no complaints filed by ham 
radio users, a point con- 
firmed by Allen Pitts of the 
American Radio Relay 
League, a ham radio opera- 
tors organization in Newing- 
ton, Conn. According to Jim 
Mollenkopf, vice president of 
products and architecture at 
Current Technologies, that’s 
because his company “has 
worked hard not to use ama- 
teur radio frequencies.” Pitts 
acknowledges that Current 
“is working honestly to deal 
with problems. We won’t say 
they’re wearing a white hat, 
but it’s beige.” Still, he re- 
mains concerned as deploy- 
ment grows. 

Such expansion is likely lat- 
er this year, when Current 
upgrades its CT Bridge chip 
set, upping performance to as 
much as l10OMbit/sec. to each 
household on the grid. Mol- 
lenkopf claims that utilities 
also like BPL because it might 
be used for automatic meter 
reading and to provide house- 
by-house load controls. 


Pouring cold water 


| on IBM's... 


. .. Cool Blue server technology 
is what Collette LaForce has 
in mind. She’s the vice presi- 
dent of marketing at Rackable 
Systems Inc. in Milpitas, 
Calif. She claims that if you 
want to use the eServer Rear 
Door Heat eXchanger from 
IBM, which cools racks of 
steamy x86 servers [Quick- 
Link 55501], “you need to 
make a major infrastructure 
investment.” No, not updated 
cabling systems; rather, new 
plumbing systems. IBM’s ap- 
proach requires channeling 
water from your data center’s 
air conditioning units, or 
chillers, so that it can flow 
through the eXchanger and 
keep your Intel-based servers 





www.computerworld.com 


HOT TECHNOLOGY TRENDS, NEW PRODUCT 
NEWS AND INDUSTRY BUZZ BY MARK HALL 


from over- 
heating. But 
once you, 
um, replumb 
your data 
center to ac- 
commodate 
IBM’s Cool 
Blue systems, 
they’re stuck 
in place, unless you replumb 
the data center again. IBM 
spokesman Tim Willeford 
dismissed LaForce’s critique, 
saying, “Most data centers 
have chilled water directly 
above or below.” But he 

didn’t deny that you’d need a 
plumber to make changes to 
connect a rack to your chiller 
any time you needed to move 
the servers. LaForce argued 
that Rackable’s passive cool- 
ing design, which releases hot 
air through the center of the 
rack, means you don’t need to 
consider plumbing when you 
move things around. But 
Willeford insists this isn’t, 
ahem, a hot issue for CIOs. 


Speaking of IBM... 


. .. its audioconference deal 
with Avaya Inc. in Basking 
Ridge, N.J., promises to let 
you click on a person’s name 
and ring them up on the 
phone via Avaya Meeting 
Exchange in 
upcoming 
releases of 
Notes collab- 
oration tools 
and its Same- 
Time instant 
messaging 
technology. 
Sean Poulley, 
vice presi- 
dent for busi- 
ness development at IBM’s 
Lotus division, says the up- 
grade, due late in Q4 for 
SameTime and early in Ql 
2006 for Notes, also lets you 
manage voice functions dur- 
ing Web conferences. That 
little feature can come in 
handy when someone is prat- 
tling on too long during your 
conference. @ 56254 
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New Novell Tools Link 
Linux, Windows Systems 


Upgrade lets users 
manage their PCs 
from Linux servers 


BY MATT HAMBLEN 
OVELL INC. today 
plans to announce 
that an upgrade of 
its ZENworks soft- 

ware will ship on Friday with 

complete life-cycle manage- 
ment capabilities for Linux 
systems and support for man- 
aging Windows PCs from 
servers running Linux. 

The ZENworks 7 Suite was 
supposed to be released in the 

second quarter, according to a 


road map that Novell provided | 
| to Linux-based systems and 
ence in March. Richard White- | 
| agement tool that can handle 


at its BrainShare user confer- 


head, Novell’s director of 


| product management, said last | 


| week that the product was de- 
| layed because the company 
| only “ships products that meet 
| customer needs on Day 1.” 
Richard Kebo, manager of 
network services at the Clovis 
Unified School District in 


| Fresno County, Calif., said he 
will upgrade to ZENworks 7 as 


| soon as possible, moving from 
ZENworks 6.5, which he has 
| been running for the past nine 


| months. 


The Clovis school system, 


| which has 36,000 students, 


plans to continue using its 


| 10,000 Windows desktops. 


But Kebo said he wants to 
move from Windows servers 


standardize on a single man- 





both Linux servers and Win- 
dows PCs. ZENworks 7 will 
provide that flexibility, said 
Kebo, who has been beta-test- 


| ing the new software since 


March. 
Switching more systems to 


| Linux should increase server 


stability and security and en- 
able the school district to re- 
duce the number of servers it 
uses, which now stands at 200, 


| he said. Only a few of the ex- 


isting servers run Linux. 

“We want to minimize our 
Windows servers,” Kebo said. 
“The Linux servers are always 
up, and we definitely have 
had problems with Windows 
servers. For some reason, the 
servers would stop and we 


| had to reboot.” 


The Clovis schools first 





Pr telat) 
imaging, configuration lock- 
down and remote management 
capabilities for Linux systems. 


Novell's policy- 
based management auto- 
mation capabilities to Linux 
ree 


Open Enterprise 
Server, which puts Novell’s 
PR Ue aU ecm im em 
Linux and NetWare kernels. 


$130 per end user. 


became a Novell customer a 
year ago. It installed Novell’s 
eDirectory software after de- 
ciding during a competitive 
evaluation that Microsoft 
Corp.’s Active Directory didn’t 
provide “anywhere near” the 
functionality of the Novell 
product, Kebo said. 

He also was impressed by 
Novell’s Linux direction, 
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which over the past two years 
has included the release of its 
NetWare services on the Lin- 
ux kernel and the acquisition 
of vendors such as SUSE Lin- 
ux AG and Ximian Inc. 

The Linux management 
software that’s part of the 
ZENworks suite is based on 
Ximian’s technology, which 
previously was called Red 
Carpet Enterprise. ZENworks 
7 adds a variety of features for 
managing Linux systems, such 
as a remote administration 
tool (see chart). 

Fred Broussard, an analyst 
at IDC in Framingham, Mass., 
said the new version enhances 
Novell’s already solid ZEN- 
works offering by increasing 
the software’s ability to man- 
age mixed networks with both 
Linux and Windows. But more 
significantly, “it heralds Nov- 
ell’s increasing independence 
from NetWare,” which has 
been buffeted by a persistent 
decline in revenue in recent 


years, he said. @ 56303 





IBM, Geographic Society Team on 
Project to Trace Human Migration 


$40M effort aims 
to collect and 


mine 2TB of data | 
——_—_——_—_—_____—_——— | searchers, many using Linux- 

| based ruggedized laptops 

| equipped with fingerprint 


BY MATT HAMBLEN 

IBM last week announced that 
it has begun to deploy custom 
data-gathering software devel- 
oped jointly with the National 
Geographic Society as part of 
a five-year project to map how 
the Earth was populated and 
how tribes and other groups 
may have migrated through 
the ages. 

Under the Genographic 
Project initiative, hundreds of 
thousands of human DNA 
samples will be gathered 
worldwide and stored in a 
2TB database at the National 
Geographic Society’s head- 
quarters in Washington. 

The project will be daunting 
in its complexity, said Ajay 
Royyuru, senior manager of 
IBM’s Computational Biology 
Center. For example, blood 


| samples and personal informa- 


tion will be collected from 
more than 100,000 indigenous 
people by thousands of re- 


readers for security purposes, 
Royyuru said. 

When the undertaking was 
first detailed in April, project 


| director Spencer Wells, an 


explorer in residence at the 
National Geographic Society, 


| dubbed it the “moonshot of 


anthropology” and said it 
was designed to fill in gaps in 
our understanding of human 
history. 

The data-gathering work is 
so massive that it poses an in- 
teresting integration case 
study for IT managers, said 
Peter Rodriguez, who holds a 
distinguished engineer title at 
IBM. Ten universities around 
the world will work together 
| to collate and analyze the data, 
| but all had been using their 








own spreadsheets, which have 
now been unified, he noted. 
“We tend to think scientists 


| are very advanced, but they 


are not necessarily advanced 
in the different ways they col- 
lect data,” Rodriguez said. “We 
see ourselves beating them 
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LCeTele Lele) omer) 





MULE UUme Cece mya A 
WERE Ue ey He UM TM eT CMulem el cum rlee 


into submission to play with 
one another.” 

At field labs that are being 
set up as part of the project, 
phenotypes from subjects — 
such as their hair and skin col- 
ors — will be matched to ge- 
netic sequencing from blood 
samples, Rodriguez said. The 
data then will be converted 
into XML objects for transmis- 
sion to the universities and the 
central database, accompanied 
by geographic coordinates 





showing where each partici- 
pant was interviewed. 
Royyuru estimated the total 
cost of the project at $40 mil- 
lion, primarily to cover years 
of salaries for thousands of re- 
searchers. But the software de- 
velopment process has posed 
challenges from a data mining 
perspective, he noted. “The 
lessons we have learned are 
clearly something we will 
replicate in other projects,” 
Royyuru said. @ 56316 
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EMC Agrees to 
Acquire Rainfinity 


EMC Corp. has agreed to purchase | 
Rainfinity Inc., a network file vir- 
tualization software vendor, in a 
deal the company valued at less 
than $100 million. Privately held 
Rainfinity, which employs 60 
workers, sells virtualization soft- 
ware for Windows, Unix and Lin- 
ux systems to simplify manage- 
ment and make it easier for users 
to perform data migrations. 


Sun Misses Ship 
Date for StarOffice 


Sun Microsystems Inc. has missed 
the targeted release date for Star- 
Office 8, according to its Web 
site. The productivity suite was 
originally slated to ship last 
month, but Sun acknowledged 
that Version 8 isn’t yet available. 
A Sun spokesman declined to re- 
veal when it will be released. Sun 
previewed a beta release of Star- 
Office 8 at the LinuxWorld Confer- 
ence & Expo in Boston last winter. 


AMD Hires IBM Vet 
To Run Design Unit 


Advanced Micro Devices Inc. has 
tapped a former IBM executive to 
take charge of its silicon design 
efforts. Jeff VerHeul, a 25-year 
IBM veteran, was named corpo- 
rate vice president of silicon de- 
sign. He will be responsible for ail 
of the company’s future comput- 
ing products. VerHeul had been 
the head of IBM’s Engineering & 
Technology Services unit. 


Symantec Buys 
Sygate Technologies 


Symantec Corp. has agreed to ac- 
quire Sygate Technologies Inc., a 
maker of software that enforces 
enterprise network security poli- 
cies, for an undisclosed price. 
Symantec plans to integrate 
Sygate’s Enterprise Protection 
product, which includes a firewall 
and intrusion-prevention soft- 





ware, into its Symantec Client 
Security product. 


Sabre Replacing EDI 
With Web Services 


Looking to gain 
flexibility of SOA 


BY HEATHER HAVENSTEIN 
ABRE HOLDINGS CORP. 
has launched a project 
to replace its electron- 
ic data interchange 


| (EDD) system for connecting 


to airlines, hotels and other 
suppliers with Web-services- 
based integration. 

The parent company of 


| Sabre Travel Network, Travel- 


ocity.com LP and Sabre Air- 
line Solutions plans to replace 
a 15-year-old EDI system with 


| Web services by using See- 


Beyond Technology Corp.’s 
Integrated Composite Appli- 
cation Network (ICAN) suite 


| as its integration platform. 


Sabre will be completing 
a pilot project in October to 
connect with one undisclosed 
supplier using Web services, 
said Bob Offutt, senior vice 


president and chief architect 
of strategic architecture at 
the Southlake, Texas-based 
company. 

The SeeBeyond tools will 
provide business rules and con- 
nectivity to replace Sabre’s 
high-speed, real-time EDI 
system, which doesn’t have the 
flexibility of a service-oriented 
architecture, Offutt added. 

Offutt declined to disclose 
the cost of the project or the 
value of the contract with 
Monrovia, Calif.-based See- 
Beyond, which has agreed to 
be acquired by Sun Microsys- 
tems Inc. [QuickLink 55272]. 

“SeeBeyond will give us the 
ability to have multiple con- 
nectivity scenarios, depending 
on the flavor and language of 
XML,” he said. 

Offutt said the company has 
begun discussions with other 
suppliers in the U.S. and the 
U.K. for rolling out the tools. 

At many sites, Web services 
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adoption is being driven by 
companies looking to replace 
expensive EDI transactions, 
said Anne Thomas Manes, an 
analyst at Burton Group in 
Midvale, Utah. 

“Tt is a much less expensive 
pipe, and it gives you more 
flexibility for the types of mes- 


| sages you can send and opera- 
tions you can perform,” she 
said. “A business-to-business 
connection that used to take 
two months to set up with EDI 
can be set up in a couple of 
hours with Web services.” 

Sabre also plans to use 
the ICAN tools internally to 
orchestrate Web services as it 
continues an effort started five 
years ago to migrate applica- 
tions from its IBM mainframe 
to distributed systems. 

The company has already 
used Web services to extract 
business logic and data from 
its mainframe for hotel and 
| domestic airline reservations. 

But it will need the orches- 
tration tools for its core travel- 
packaging application, which 
allows users to book airline, 
hotel and rental car reserva- 
tions at the same time. This 
core application still resides 
on the mainframe. 

With reusable Web services, 
Sabre has quickly created a 
new shopping-cart application 
and built a managed inventory 
product that gives airlines 
more-sophisticated options to 
manage seat prices to create 
the highest yield, Offutt 
added. @ 56322 








JBoss Program Aims to Ease 
Migrations From WebLogic 


BY HEATHER HAVENSTEIN 
JBoss Inc. last week introduced 


| a program it hopes will entice 


more companies to use open- 
source application server 
software. 

Through its new JBoss Mi- 
gration Program, the Atlanta- 
based company aims to provide 
assessments, methodologies 
and tools to help customers 
move software from commer- 
cial application servers to the 
open-source JBoss software. 

The first iteration of the 
program targets companies 
looking to migrate from BEA 
Systems Inc.’s WebLogic ap- 
plication server to JBoss, said 
Joe McGonnell, director of 
marketing at JBoss. 

The company plans to tailor 
the program for migrations 
from IBM’s WebSphere offer- 


ing in the future, he added. 

The JBoss program targets 
companies like NLG Inc., a 
Woburn, Mass.-based travel 
company that plans to migrate 
a mission-critical application 
from WebLogic to JBoss over 
the next 10 months. 

Jamie Cash, NLG’s vice 
president of technology, said 
he would likely use such a 
migration program to move 
the application. Two years ago 
NLG migrated a legacy green- 
screen booking reservation 
system to JBoss, and the com- 
pany calculated that it saved 
$1 million in licensing fees by 
not using a commercial appli- 
cation server, Cash said. 

NLG initially had concerns 
about JBoss’ long-term perfor- 
mance, but Cash said the ap- 
plication has performed “ex- 








tremely well” since its instal- 
lation. Fears that JBoss would 
make changes that would re- 
quire NLG to rework its appli- 
cation have also proved to be 
unfounded so far, Cash said. 


Ahead of the Curve 
CitiStreet LLC, a Quincy, 
Mass.-based benefits provider, 
tapped JBoss as its application 
server standard for all new 
projects more than a year ago, 
prior to the availability of mi- 
gration tools, said C1O Barry 
Strasnick. 

The company began a mi- 
gration from WebLogic to 
JBoss 18 months ago and has 
now moved all of its mission- 
critical applications to the 
open-source server. 

“We had a need to dramati- 
cally increase the hardware 
resources available to our 
J2EE layer, and do it quickly,” 
Strasnick said. “BEA had what 
we considered to be excessive 
licensing costs in order to 


support these increased 
resources.” 

With JBoss, the company 
has better scalability, availabil- 
ity and support, he added. 

Shawn Willett, an analyst at 
Current Analysis Inc. in Ster- 
ling, Va., said companies 
switching from commercial 
application servers to JBoss 
usually migrate because of 
lower licensing costs, especial- 
ly now that the basic J2EE lay- 
er has become a commodity. 

However, he noted that 
commercial application 
servers still have the edge in 
terms of high-end features for 
availability and management. 

In related news, a group of 
vendors, including Infravio 
Inc., Sonic Software Corp., 
Iona Technologies PLC and 
WSO2, this week will an- 
nounce an incubator project 
to develop an open-source 
enterprise service bus as an 
| Apache Software Foundation 
project. @ 56333 
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Component Costs Rise, 
But PC Prices Won’t 


TAIPEI 

OSTS ARE on the rise for several 
C:= of PC components, includ- 

ing memory chips and LCD 
screens, because of high demand. 
That’s a concern for procurement 
managers at PC makers such as Dell 
Inc. and Hewlett-Packard Co., but ana- 
lysts said IT buyers should have little 
to fear from the increases. 

Prices of the most widely used com- 
puter memory components, 256Mbit 
double data rate chips that run at 400 
MHz, could reach $3 per chip by the 
end of this month, up 27% from June, 
according to iSuppli Corp., a market 
research firm in E] Segundo, Calif. In 
addition, the price of 
notebook-size LCDs rose 
6% over the past two 
months, iSuppli said. 

However, IT buyers 
probably won’t see any in- 
creases in the prices they 
pay for PCs, said Bryan 
Ma, an analyst at IDC’s of- 
fice in Singapore. PC 
prices remain on a down- 
ward spiral, and little is 
going to change that, he 


GLOBAL FACT 


Number of cellular users 
Pelee eR UR arm 
which is projected to 
increase to 2.5 billion 

by the end of 2010. 


An International 
IT News Digest 


| said. When component prices rise, PC 
| makers typically reconfigure their sys- 
| tems to keep costs down, Ma added. 

w DAN NYSTEDT, IDG NEWS SERVICE 


Swiss Bank Signs Deal 
For Dell PCs, Support 


BS AG, a Zurich-based banking 
Lenn has signed a four-year 

contract with Dell to replace and 
manage more than 30,000 desktop and 
notebook computers at UBS branches 
around the world. The deal, which Dell 
announced last week, is worth more 
than $50 million (U.S.), according to 
a spokesman for the IT vendor. 

“By standardizing the PC infrastruc- 
| ture worldwide, we can achieve a sub- 
stantial cost reduction,” 
Scott Abbey, chief tech- 
nology officer at UBS, 
said in a statement. 

Dell said it will provide 
an array of managed ser- 
vices to UBS, including 
installation, technical 
support and asset man- 
agement; it will also 
migrate the bank to the 
Windows XP operating 
system. The new comput- 
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| ers — Dell OptiPlex GX280 desktops 


and Latitude D410 and D610 notebooks 
— will be manufactured to UBS’s spec- 
ifications and delivered with a set of 
customized applications installed. 


$500M Project to Boost 
Broadband in West Africa 


LUSAKA, ZAMBIA 


| NEW YORK COMPANY founded by 
a group of Africans and African- 


Americans plans to develop a 
fiber-optic network that will provide 
high-speed Internet access in West 
Africa and ultimately connect that 
region to Europe, the U.S. and Asia, 
officials said last week. 

The $500 million project is being 
undertaken by the New York-based 
Infinity Worldwide Telecommunica- 
tions Group of Companies (IWTGC). 
The fiber-optic installation will com- 
pete directly with the existing SAT-3 
transcontinental network, which is 
owned by a consortium of 36 national 
telecommunications companies. 

Initially, the ['WTGC’s undersea 
cable will run from Portugal to 
Cameroon along the coast of West 
Africa and link Nigeria, Benin, Liberia, 
Senegal, the Ivory Coast and Ghana. 
The goal is to have the new network 
operational by 2008. @ 56289 
m MICHAEL MALAKATA, IDG NEWS SERVICE 
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Briefly Noted 
Novell Inc. and China Standard 
Software Co. (CS2C), building on 
a partnership formed in April, an- 
nounced last week that they will 
jointly develop Linux-based server 
and desktop software aimed at the 
Chinese market. CS2C is a Shang- 
hai-based software vendor that was 
founded in 2003. 

w JOHN BLAU, IDG NEWS SERVICE 


HP last week announced a free IT 
hardware recycling service for busi- 
ness customers across much of Eu- 
rope, in accordance with the Euro- 
pean Union’s new Waste Electrical 
The directive makes vendors re- 
sponsible for taking back and recy- 
cling electrical equipment. 

@ JAMES NICCOLAI, IDG NEWS SERVICE 


Covansys Corp., an IT services and 
outsourcing firm based in Farming- 
ton Hills, Mich., last week inaugu- 
rated a global development center 
in Bangalore, india, to accommo- 
date its growing offshore business. 
The center consolidates multiple 
Bangalore offices in one building 
and has the capacity for 2,200 IT 
workers, Covansys said. 





Gas Price Increases Spur 
Interest in Telecommuting 


BY MATT HAMBLEN 
AND PATRICK THIBODEAU 
As gasoline prices spiked last 
week by 10 to 20 cents per gal- 
lon around the country, corpo- 
rate managers said there’s a 
renewed interest by employ- 
ees in telecommuting from 
home via computer and 
broadband to avoid lengthy 
and expensive drives to work. 
IT executives last week said 
any sizable boost in telecom- 
muting won’t require signifi- 
cant new spending or inconve- 
nience for their operations. 
The executives noted that 
widely used technologies such 
as Web collaboration tools 
should help ease problems 
faced by new home workers. 


In addition, broadband con- 
nections are becoming so 
commonplace that IT should 
have little problem helping 
teleworkers gain access to a 
big pipe running a virtual pri- 
vate network (VPN) and to big 
files stored on corporate 
servers, managers said. 

In fact, “telecommuting isn’t 
a technology challenge as 
much as a cultural challenge,” 
said Skip Snow, an IT executive 
at a major financial institution 
he asked not to be identified. 

“The problems with tele- 
commuting don’t have as 
much to do with technology 
and tools as with whether a 
worker or manager will work 





as well with a guy on the 





phone as compared with the 
guy in the next office,” said 
Snow, who telecommutes be- 
cause he lives a long distance 
from his job. 

Snow said he can work on 
any computer virtually any- 
where using a smart-card 
equivalent for a password and 
a company portal. 

Teleworkers at General 
Electric Co.’s GE Energy divi- 
sion in Atlanta must have ac- 
cess to a broadband connec- 
tion to access the company’s 
VPN. The GE unit also uses a 
third-party hosting service for 
telecommuters that lets mo- 
bile workers connect to inter- 
nal corporate systems via a 
Web browser when they are 
in airports and other places, 
said Larry Tardell, Southeast 
infrastructure operations 
leader at GE. 

The GE Energy division, 
which supplies home comput- 





4 Telecommut- 

ing isn’t a 
technology challenge 
as much as a cultur- 
al challenge. 


SKIP SNOW, IT EXECUTIVE AT A 
MAJOR FINANCIAL INSTITUTION 


ers and a broadband connec- 
tion to telecommuters, has cut 
its office workstation require- 
ments by 50 systems. 

Each such system costs the 
company about $15,000 a year 
in real estate and related costs, 
so the annual savings can be 
significant, said Kate Lee, 
manager of community affairs. 

Snow said that as real estate 
expenses rise, the corporate 
costs of supporting telecom- 
muters might become insignif- 
icant to corporate budget 
makers. “It’s not expensive to 





telecommute,” he said. 

And large companies might 
find it advantageous to have 
workers telecommute to better 
distribute the workforce and 
lessen the impact of a potential 
catastrophe at a central facility. 

The biggest concerns in set- 
ting up effective telework pro- 
grams have been over proper 
supervision of workers and 
ensuring that home systems 
are secure, managers said. 

Jane Franklin, a special proj- 
ects coordinator overseeing 
telework and van pooling at 
Georgia Power in Atlanta, said 
about 475 teleworkers must ad- 
here to a set of guidelines for 
telework. The guidelines sub- 
ject workers who introduce a 
virus into the company net- 
work to having remote access 
disabled for two days. Once 
a worker introduces a third 
virus, his remote access is per- 
manently disabled. @ 56334 
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Continued from page 1 


Hackers 


systems administrator at the 
Waukegan, Ill.-based distribu- 
tor of packing and shipping 
materials. 

The Windows 2000 bugs 
caused infected systems to 
restart repeatedly and could 
allow remote attackers to take 
control of compromised sys- 
tems. According to vendors of 
antivirus software, the mal- 
ware targeted only older, Win- 
dows 2000-based systems. 

Although none of those 11 or 
so worms are considered par- 
ticularly serious by most secu- 
rity experts (see story at 
right), they serve as a sobering 
illustration that hackers can 
take advantage of new flaws 
before many companies can 
patch them, said John Pironti, 
a principal security consultant 
at Unisys Inc. in Blue Bell, Pa. 





aCe UR ee ie 
leashed last week, taking ad- 
vantage of a flaw in a plug-and- 
play component of the Windows 
2000 operating system. 


Worm variants were based 
on three families: Zotob, Bozori 
and Ircbot. 


They caused infected 
machines to restart repeatedly. 


eT yur RS CLT 
were unaffected by the worms. 


“J think these attacks show 


| that there is still a fair bit of la- 
| tency” between patch release 


and deployment in a lot of 
companies, agreed Fred Rica, 
a partner at Pricewaterhouse- 
Coopers in New York. 
“Hackers have adopted new 
attack techniques,” Pironti 
said. “Instead of going out and 
looking for vulnerabilities on 





NEWS 


their own, they are waiting for 
patches to be released to see 
what holes are being fixed.” 
Then they go after those holes 
as quickly as they can, he said. 

The trend could leave many 
companies dangerously ex- 
posed, especially large ones 
that typically test and analyze 
patches before deploying 
them, Pironti said. 

“They have to assume that 
they are going to be vulnera- 
ble to attack from the moment 
a patch is out,” he said. “They 
need to have countermeasures 
in place while the patches are 
tested” and deployed. 

Enterprises should look at 
implementing the equivalent 
of the color-coded threat sys- 
tem used by the U.S. Depart- 
ment of Homeland Security 
when dealing with newly dis- 
closed flaws, said Dave Jordan, 
chief information security offi- 
cer for the government of Ar- 
lington County, Va. Once new 


Patching Efforts Help Users Fend Off Worms 


About 15 IT staffers at Delaware 
Investments Inc. had to work 
late into the night last Tuesday to 
patch Windows 2000 systems 
so that Zotob and the other new 
worms wouldn't wreak havoc 
on the company's business op- 
erations. 

But more commonly, Win- 
dows 2000 users who respond- 
ed to a random e-mail poll con- 
ducted by Computerworld re- 
ported no impact, thanks to dili- 
gent preventive patching of their 
systems or, in some cases, 
emergency fixes. Only three of 
20 respondents said their com- 
panies felt some effects from the 
string of worms targeting un- 
patched PCs and servers. 

Jeff Goldman, a systems ad- 
ministrator at Philadelphia- 
based Delaware Investments, 
said the Lincoln National Corp. 
subsidiary was affected for a 
short period of time but man- 
aged to stop the worms and ap- 
ply the necessary patches with 
no downtime for its operations. 
“Thankfully, not much business 
was disturbed,” Goldman said. 

In the wake of the attacks, 
Delaware Investments plans to 


make buying software that will 
help with the deployment of 
patches a top priority, he added. 
IT staffers had already evaluated 
several products, including Mi- 
crosoft’s Windows Server Up- 
date Services and BMC Soft- 
ware Inc.'s Marimba tools. Now 
the company is “willing to spend 
whatever is necessary to make 
sure this doesn’t happen again,” 
Goldman said. 

Roger Wilding, a senior tech- 
nical engineer at a global ship- 
ping and supply chain services 
firm that he asked not be identi- 
fied, said his company's IT staff 
uses Microsoft's Systems Man- 
agement Server software to de- 
ploy patches. That has helped 
the company ensure that most of 
its systems have Microsoft's lat- 
est security fixes and software- 
update service packs, he added. 

“You need to build your infra- 
structure to support continual 
patching of systems, regardless 
of the operating system,” Wild- 
ing said. 

Neville Teagarden, CIO at Pro- 
Logis, a real estate investment 
trust in Aurora, Colo., said auto- 
mated antivirus and software 


update tools from Altiris Inc. that 
the company deployed during 
the past year have also helped it 
to avert major security problems. 

Typically, patches are auto- 
matically fed into a test environ- 
ment. But Teagarden said that 
based on the risks posed by Zo- 
tob, ProLogis decided to shorten 
its test cycle and immediately 
deploy Microsoft's patch. 

Likewise, Kindred Healthcare 
Inc. in Louisville, Ky., made an 
emergency deployment of the 
patch to its servers last Tuesday 
night, said Rob Rhodes, a tech- 
nical consultant at the company. 
Kindred had already patched “a 
high percentage” of its desktops 
before the worms were released, 
he said. 

The worms attacked systems 
at 13 of DaimlerChrysler's 23 
North American manufacturing 
and assembly plants, according 
to spokesman Dave Elshoff. Pro- 
duction disruptions ranged from 
five to 50 minutes, Elshoff said. 
The automaker is still assessing 
the damage from the worms but 
should be able to easily make up 
the lost work, he added. 

- Carol Sliwa 





flaws are disclosed, Jordan said, | 


IT security personnel “should 
conduct business differently 
than they would day to day.” 
They need to implement coun- 


| termeasures as soon as possible 
| to mitigate risk, he said. 


Measures can include con- 


| ducting thorough threat analy- 
sis, gaining an understanding 


of specific risks of new flaws, 


| shutting down systems where 


possible, blocking access to af- 
fected ports and using intru- 

sion-detection and -prevention 
systems to monitor for unusu- 
al activity and network behav- 


| iors, security experts said. 


A vast majority of worms 


| and viruses, including those 


launched this week, use com- 
mon methods and take advan- 
tage of common flaws — such 
as buffer overflows — to attack 
vulnerable systems, said Thor 
Larholm, a senior security re- 
searcher at PivX Solutiors Inc. 
in Newport Beach, Calif. 
Instead of relying solely on 
patches to fix every new flaw, 
it’s better to address some com- 
mon underlying vulnerabili- 
ties, he said. “There are multi- 
ple ways to protect against 
entire classes” of vulnerabili- 
ties without having to apply 
patches for each one, he said. 
PivX is one of several ven- 
dors, including Immunix Inc. 
and eEye Digital Security, that 
sell tools to repair generic 
buffer overflows in the ab- 
sence of vendor patches. 
“About 90% of the worms 
out there can be mitigated just 
by hardening your systems,” 
Larholm said. For instance, dis- 
abling so-called null-session 
accounts, which are enabled by 
default on Windows 2000 sys- 
tems, would have prevented 
this week’s worms from taking 
advantage of the plug-and-play 
flaw, though it is not always 
practical, he said.@ 56329 


Carol Sliwa contributed to 
this story. 


MORE ON THIS TOPIC 


In this issue: Neither vendors nor users 
have learned their lesson about worms, 
says Frank Hayes. Page 46 


Online: Read full coverage of IT security 
issues on our Web site: 


QuickLink ki600 
www.computerworld.com 
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Win 2k Bugs _ 
Called ‘Routine 
Despite the media frenzy, none 
of last week's slew of worms 
targeting a Windows 2000 vul- 
nerability was all that unusual or 
serious, security experts said. 

“We would not characterize 
this as a widespread problem. 
The worms were similar in na- 
ture to worms we routinely see 
on the Internet,” said Debbie 
Fry Wilson, director of Micro- 
soft's Security Response Center. 

“There was nothing unusual 
about the exploit code or the 
type of worms created,” she 
said. “The difference here was 
that you had an unusual num- 
ber of media outlets that were 
impacted,” resulting in a lot of 
publicity. The bug hit outlets 
such as CNN, The New York 
Times and ABC News. 

Similar worms are spread “all 
the time,” noted Ero Carrera, a 
virus researcher at F-Secure 
Corp. in Helsinki, Finland. 
“There was no major new trend 
or techniques that made these 
worms particularly virulent.” 

No estimates were available 
late last week on the extent of 
the damage caused by the 
worms, though most antivirus 
vendors assessed the worms 
as medium- to low-risk threats. 

Trend Micro Inc. rated two of 
10 of the worms as a medium 
risk, while the rest garnered a 
low-risk rating. Rival antivirus 
vendor McAfee Inc. pegged 
only one of 10 on its list as 
medium risk, with the rest said 
to be low risk. 

Even so, it would be a mis- 
take to underestimate all the 
worms, warned an advisory 
from security vendor Arbor Net- 
works Inc. in Lexington, Mass. 

“Arbor Networks has re- 
ceived calls from a number of 
large companies that have 
been devastated by Zotob,” 
one of last week's Windows 
2000 worms, the advisory 
said. The appearance of sever- 
al Zotob variants, including one 
that spreads via e-mail, could 
portend problems for compa- 
nies, Arbor warned. 

- Jaikumar Vijayan 
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Analytics Push Helps Siebel Win Sierra Health Deal 


BY STACY COWLEY 
Siebel Systems Inc.’s recent moves to 
bolster the analytics capabilities in its 
software have paid off in at least one 
new customer win. Sierra Health Ser- 
vices Inc. said last month that it has 
picked Siebel to underpin a $5 million 
CRM overhaul, and its CIO cited the 
vendor’s analytics offerings as a major 
factor in the deal. 

The Las Vegas-based health care 
company uses a 6-year-old CRM sys- 
tem built around software from Onyx 
Software Corp. to track interactions 
with its 580,000 customers. Because 
the hardware and operating system 
software supporting the system are ap- 
proaching retirement age, Sierra Health 
decided to start over from scratch. 

“It was highly customized, and that 
creates roadblocks to be able to up- 
grade cost-effectively,” said CIO Bob 
Schaich. “We knew we essentially had 
to have a complete replacement.” 

Sierra Health initially considered a 
number of vendors before narrowing 





its list to Siebel and Bellevue, Wash.- 
based Onyx. After several months of 
due diligence, Sierra Health opted for 
Siebel. “(The analytics software] was a 
real value-add for us,” Schaich said. 
“Onyx has some similar products, but 
we felt the Siebel analytics would be a 
better fit for our environment.” 

An Onyx spokesman didn’t return a 
call seeking comment. 


Fast-Growing Product Line 


Analytics has become one of Siebel’s 
fastest growing product lines, with 
software license revenue rising 44% 
last year, to $111.6 million, and account- 
ing for more than 22% of the compa- 
ny’s total annual license revenue, ac- 
cording to Siebel’s annual report. 

In June, CEO George Shaheen cited 
analytics as one of four key growth ar- 
eas for San Mateo, Calif.-based Siebel. 

IDC analyst Robert Blumstein said 
Siebel has done a solid job of growing 
its analytics business. “That has been 
the bright spot in their revenue picture 


Southern Burger Chain Beefs Up 
Wi-Fi Access to All 243 Stores 


Krystal says the service 
has attracted new 


customers to restaurants 


BY TODD R. WEISS 
A year after offering free wireless In- 
ternet access to customers in 52 com- 
pany-owned restaurants in the South, 
The Krystal Co. hamburger chain has 
expanded the service to all 243 of its 
locations. 

The free Wi-Fi service is bringing in 
new customers and has improved in- 
ternal communications for Krystal’s 
own mobile workers, said David Reid, 
CIO at the Chattanooga, Tenn.-based 
company. Krystal began the service in 
52 restaurants in June 2004. 

The deployments were completed 
last month in company-owned restau- 
rants in 12 states. 

The service is attracting new cus- 
tomers, Reid said, though the evidence 
so far is only anecdotal. Based on cus- 
tomer interviews, “we know for a fact 
that there are people who come here to 
Krystal just for the hot spots,” he said. 

Records of IP and media access con- 
trol addresses that have accessed the 
network show that about 1,000 wire- 





less computers have used the free 
Wi-Fi network, Reid said. 

Krystal’s mobile workers have bene- 
fited from the wireless system while 
on the road. “It has made our work- 
force so much more efficient,” Reid 
said. “We're seeing huge gains in our 
own productivity and our communica- 
tions. If the customers find it benefi- 
cial, then that’s just gravy.” 

When the Wi-Fi service was pro- 
posed, the company quickly chose to 
provide it for free, Reid said. “It’s so 
simple to provide free wireless, and it’s 
incredibly complicated to charge for 
it,” he noted. 

Krystal HotSpots use a broadband 
Internet connection that allows up to 
32 users to simultaneously access the 
802.11b network. 

Ken Dulaney, a wireless analyst at 
Gartner Inc. in Stamford, Conn., said 
Wi-Fi is often being used by compa- 
nies to “attract people to hang around,” 


potentially generating additional sales. | 


“More and more organizations are 
doing it. They’ve got the broadband in 
there for their own use” and are able to 
expand it for the use of customers, Du- 
laney said. “It’s more mainstream than 
two years ago.” @ 56286 


over the last several years,” he said. 
Sierra Health is planning a phased 

rollout of the new system. The first 

product, individual insurance, is sched- 


uled to go live by the end of the year. 
The CRM overhaul includes software, 
hardware, services and third-party 
applications, Schaich said. @ 56288 
Cowley is a reporter for the IDG 

News Service. 
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DON TENNAN 


AST APRIL, during a four-day official visit 
to India, Chinese Premier Wen Jiabao sent 
shivers through many IT pros in the West. 
He proclaimed that a combination of Indi- 
an software skills and Chinese hardware 
expertise will propel the two countries to a leader- 


ship position in global IT. 

“When that particular 
day comes,” Wen trum- 
peted, “it will signify the 
coming of the Asian cen- 
tury of the IT industry.” 

It was a disturbing vi- 
sion for many people who 
had already been fretting 
over the loss of jobs to 
those countries. The 
thought of an Asian IT 
axis that would present 
an even more formidable 
threat didn’t sit well at all. 

I could have told them then that 
they had nothing to worry about, 
but I would have been deluged with 
more irate mail from readers scoffing 
at my rose-colored glasses. And our 
IT guys were already mad at me for 
hogging space on the e-mail server. 

But I bring it up now because 
there was a good example last week 
of why all the hand-wringing was un- 
necessary, and it’s worth recounting. 

Just four months after Wen’s visit 
to India, during which he toured the 
massive Bangalore R&D operations 
of China’s Huawei Technologies 
(think of Huawei as China’s Cisco 
Systems), the Indian government 
made it clear that it has no intention 
of getting too chummy. The Times 
of India reported last week that 
Huawei, which has more than 900 
engineers in Bangalore and has an- 
nounced plans to invest $100 million 
in its Indian operations, is being kept 
at a safe distance from India’s core 
telecommunications infrastructure 
for security reasons. 

According to the article, several In- 
dian government agencies, including 
the RAW (the Research and Analysis 
Wing, India’s CIA) have concluded 
that Huawei poses a specific threat. 





The RAW stated that 
Huawei “has been re- 
sponsible for sweeping 
and debugging opera- 
tions in the Chinese em- 
bassy. In view of China’s 
focus on cyber warfare, 
there is a risk of exposing 
our strategic telecom 
network to the Chinese.” 
Moreover, India’s 
Ministry of External 
Affairs cited concerns 
over Huawei'’s “links 
with the Chinese military and intelli- 
gence establishment, their clandes- 
tine operations in Iraq and Taliban- 
ruled Afghanistan, and their close 
ties with the Pakistan army.” 
None of that means Huawei 


| shouldn’t be engaged by India and 


the rest of the international commu- 
nity. History has demonstrated that 
engagement yields a lot more posi- 
tive change than the alternative does. 
There’s no question, for example, 





Axis 


that Huawei’s 2-year-old joint ven- 
ture with 3Com helped the Chinese 
firm recognize the essential nature 
of honoring other companies’ intel- 


| lectual property. An isolated Huawei 


would have been far less likely to 


| ° ® ° = . 
end its violation of Cisco’s intellectu- 


al property rights, as it did last year. 
But last week’s development does 

demonstrate why Wen’s vision of a 

two-country IT powerhouse is un- 


tenable. Name any two or three 


countries, and try to imagine them 
forming a successful union if their 
purpose is to lead or dominate. 
There will always be political and 
economic reasons why it will never 
happen. The union will succeed 
only if it obviates domination by 
becoming global. 

There will be no Asian century of 
the IT industry, just as there will be 
no African or European or North 
American or South American centu- 
ry of the IT industry. The day we can 
all look forward to is the one when 
the IT industry, along with every 
other economic and professional 
sector, is truly global. 

The axis-of-power idea has been 
tried. Thankfully for all of us, it 
didn’t work. @ 56292 
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BRUCE A. STEWART 
Why People 
Don't Use 
Information 


OES IT SEEM that the 

more information you 

provide, the less it gets 
used? Why is it that informa- 
tion technology is so good at the tech- 
nology part and can’t seem to get the 
information part going? 

Part of the problem is that we con- 
fuse what our systems need in order 
to work efficiently with what any of 
us need in order to answer a ques- 
tion. (There’s a reason Google has an 
$80 billion market cap while you’re 
considered a cost center.) 

Yes, our systems need structured 
data to work well. So when we load up 
a data warehouse for all those ques- 
tions (that we don’t receive), what 
should we do differently? 

Think of the ware- 
house as a knowl- 
edge manifold. This 
is a structured infor- 
mation architecture 
supporting strategies 
for focusing on items 
or ignoring them. 

Like in the Google 
model, this is one 
vast pool of informa- 
tion that seems to 
shift its shape de- 
pending on what’s 
asked of it. 

Unlike Google’s, 
our manifold can 
certify its contents 
— nothing is in it 
that can’t be traced 
back to a trusted source. In other 
words, it can contain information that 
interprets other information. 

To help users deal with their ques- 
tions, the manifold is composed from 
three different roles, some of which 
might be in IT and some in other areas, 
such as finance or plant scheduling. 

@ The cartographer adds information 
that puts other information in context. 
One example might be a historical ex- 
change-rate table that lets users inter- 
pret older financial results from differ- 
ent divisions. Cartographers also create 
“big picture” maps. (All these items 
make up what you need to know to un- 
derstand the flow through this plant.) 

® The librarian fills the maps, identi- 
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fying what is certified (comes from in- | 
ternal sources), what is uncertified (is | 
added from outside sources) and what 
is missing. 

@ The composer creates new inter- 
pretations, typically as a result of do- 
ing more work to augment the infor- 
mation. 

There are also four roles that are ful- 
filled to support questioning. Again, 
these are scattered throughout the or- 
ganization, not just in IT: 

@ A coach helps users by encourag- 
ing them to ask questions. Typically, 
this is a role carried out by managers 
— but managers in turn need to learn 
how to use those requests to develop 
their staff. 

® Knowledge preachers need to pro- 
vide live answers on demand when 
the warehouse isn’t enough. (These are 
the “experts” who can be called upon 
when needed.) 

@ A plumber keeps preachers from 
being inundated with requests from 
people who are unwilling to use the 
tools provided. (This is a great growth 
role for a help desk person.) 

@ Finally, managers and significant 
peers act as mentors to help motivate 
more questioning. 

Let’s be clear: These are not usually 
jobs, but rather ways of looking at 
issues. One person may fulfill all of 
these roles in the course of his work- 
week. A person can be a preacher in 
his area of competence and need a 
preacher when he’s outside his normal 
work competence 

Some of you by now might be say- 
ing, “This is knowledge management 
or learning theory; how does it apply 
to data warehouses and getting people 
to make more use of them?” If we’re to | 
fulfill our information destiny and not 
just our technology destiny, we’re go- 
ing to have to start thinking about the 
questioner, not just the tools to gener- 
ate an answer. Get this right, and justi- 
fying the next warehouse investment 


will be a snap. @ 56218 
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Re-evaluating 
Accountants 


HEN I WAS ASKED 
to speak at the an- 
nual convention 


of a well-known professional 
association of management accoun- 
tants, I accepted with some trepida- 
tion. I don’t hold being an accountant 


against anyone, but with the 
advent of ERP systems, it 
seems that we IT folks have 
been or the receiving end of 
a lot of accountant-caused 
grief. 

In many cases, I felt, it 
was accountants who decid- 
ed to buy those infernal ERP 
systems, and IT got stuck 
with the thankless task of in- 
stalling them. Accountants 
insisted on making endless 
software modifications, and 
we got blamed for the cost 
overruns. Once the systems 
were installed, the accoun- 
tants used those systems to 
spin the numbers and park 
obscure charges on our IT 
budgets. While we were 
busy struggling with balky 
computer systems, they were busy 
devising devilish new cost-allocation 
schemes. 

I resolved to keep these dark 
thoughts about the accounting profes- 
sion to myself and at least try to give 
dialogue and diplomacy a chance. My 
presentation was surprisingly well re- 
ceived, and members of the audience 
asked interesting and thoughtful ques- 
tions. That evening, my hosts arranged 
a dinner. Along with some fine sea- 
food, they served several bottles of ex- 


AMD Has a Right to Battle Intel in Court 


E’LL ALL HAVE TO WAIT for 
the truth of the allegations in- 
volving Intel and AMD to come out 
in the courts. In the meantime, it’s 
interesting fodder for the technolo- 
gy press, including Don Tennant 
to speculate and pontificate about 
[“AMD: All My Disgust,” QuickLink 
55310]. Perhaps it’s my turn 
|'m appalled that Tennant claims 
that “the only way Intel can be suc 


times, 


tyint 
increasing 


bully vendors” is for computer buy 
ers to perceive that AMD has inferi- 
or products and that this has hap 
pened because AMD's marketi 
incompetent. In so doing 
gests that competent marketing 
can triumph over (for now alleged) ma 
egregious and illegal marketplace 
manipulation every time 

This is like saying the good g 
always win, even or especially 
when they have their hands tied 
behind their backs. 

The marketplace is a battlefield 


+ 


AMD's 


MICHAEL H. HUBOS is CIO 
at Network Services 
Co., a distribution 
cooperative in Mount 
Prospect, Ill., that sells 
food-service and janito- 
rial supplies. He is the 
author of Building the 
Real-Time Enterprise: 
An Executive Briefing 
(John Wiley & Sons 
Inc., 2004). He can 
be reached at 
mhugos@nsconline.com. 


every day for every business. Many 
that battle, of necessity, 
moves to the courts 

My sense is that AMD finally has 
ac _ ved a critical mass of credibili- 
he market and that it 


ness arena gives it the courage and 
resources to adequately pursue 
what it believes is an appropriate 
remedy at law. Perc 
cessful in its alleged attempts to ng is also driven by what AMD be 
lieves will finally be a preponder- 
ance of evidence that will 
claims 
Consider the likel 
he sug mass market is controlled more by 
nass builders t 
sses clamoring 
or the best technology. As such In 
credibility and current mar- 
ket share have been driven by the 
2w rather than the many 
"ee he public is difficult, 
because people rarely believe that 
they need educating until some 


cellent wine. I hadn’t real- 
ized that people of the ac- 
counting persuasion had 
such good taste. I began to 
relax ever so slightly. 
ple began to speak a bit 
more frankly. 

Imagine my surprise 
when I heard that accoun- 
tants are feeling equally 
threatened by IT people. 
How could this be? Well, it 
turns out that with the ad- 
vent of ERP systems, many 
of the time-honored activi- 
ties of the accounting pro- 
fession have been automat- 
ed. Gone are the days when 
accountants could spend 
the better part of a month 
doing a month-end close. 
Gone are the days when 
only accountants could see the num- 
bers and everyone else had to go hat in 
hand to the accounting department to 
get a profit-and-loss statement. 

Many accountants are having a real 
crisis of confidence. “If people can get 
their own financial reports without ac- 
countants, what do they need us for?” 
they asked. “IT people and their infer- 
nal ERP systems are putting us out of 
business.” 

This was astounding. “What do you 
mean ‘IT people and our infernal ERP 
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I asked. “I thought it was 
you guys who had us put them in.” 
“No,” they told me, “ 
That night, 
smooth-t 


systems’?” 


it wasn’t us.” 
I heard stories about 
alking consultants in le: 
with glad-handing software vendors 
calling on gullible executives. I heard 


sue 


stories of orders issued from plush 
corner offices and corporate check 
books opened to legions of strangers 
I began to feel embarrassed. I 
thought about some of 


the ungenerous 


1 downright unkind things I 


have 
said about accountants in moments of 
stress and fear. We began to have a 
meeting of the minds. We agreed that 
these infernal ERP systems are threat- 
ening all of us. These systems make it 
easy for companies to outsource IT op- 
erations, and they make it way too easy 
for nonaccountants to see the numbers. 
As we shook hands at the end of 
the evening, I realized that heretical 
thoughts were causing me to question 
some dearly held beliefs. Is it time to 
bury the hatchet and look 


tants as fellow travelers on this jour- 


at accoun- 


ney of discovery at the dawn of a new 
century? Do we need to help each oth- 


er redefine our professions? @ 56208 
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ThinkPad recommends Microsoft® Windows® XP Professional. 


RECOVERS YOUR WORK IN MINUTES. 
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Maybe you’ve had a virus attack. Or a software installation 
failure. Or your operating system’s been corrupted. Just pres 
the blue button on any ThinkPad® notebook and a range of 
comes to the rescue. It’s called Rescue and Recovery™ 
Standard on all new ThinkPad notebooks; it can get you up and 
running even when your operating system’s down. So work with 


a feeling of confidence. Instead of that sinking feeling. 
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ot Questions About 
Enterprise Analytics? 


Computerworld’s IT Management Summit Has the Answers 


Looking to better understand enterprise 
analytics? Apply to attend Computerworld’s 
complimentary” half-day IT Management 
Summit: Beyond Business Intelligence. 


Enterprise analytics enable companies to 
make timely fact-based decisions using 
critical information from across the entire 
organization. By fully leveraging data, 
technology, skills and processes, successful 
users of enterprise analytics go beyond 
simply understanding the past, to predicting 
outcomes that improve overall corporate 
performance. 


This summit will feature the latest insights 
of business intelligence industry experts and 
will give you first-hand information on the 
innovations and experiences of companies 
successfully deploying enterprise analytics. 


Apply for registration today 
Contact Chris Leger at 888-299-0155 
or visit: www.itmanagementsummit.com 


Beyond Business Intelligence: 
Using Enterprise Analytics to Drive 
Fact-Based Decisions 


San Francisco, California - September 20, 2005 


Pan Pacific San Francisco Hotel - 500 Post Street, Union Square | 


8:00am to 8:30am 
8:30am to 8:40am 


Registration and Networking Breakfast 


Introduction and Overview 
Julia King, Executive Editor, Events, and National Correspondent, 
Computerworld 


8:40am to 9:10am Trends in Enterprise Analytics: 
An Industry Analyst’s Overview 


Keith Gile, Principal Analyst, Forrester Research 


9:10am to 10:00am ‘Transforming Enterprise Data Into 
Actionable Business Intelligence 

Keith Collins, SVP and Chief Technology Officer, SAS 
ema, Bus 


Michael Ti ess Intelligence Strategist, Intel 


10:00am to 10:15am Refreshment and Networking Break 


10:15am to 10:45am Case Study: APEX Management Group 
ody Porrazzc rector of Econometric Risk Strategy 


ArcA Manag G 


Case Study: McKesson 


Stephen Zar Vice Presider 


10:45am to 11:15arn 


Panel Discussion - From Gut Feel to Fact-Based 
Decisions: Real-Life Business, Political and 


11:15am to Noon 


Technology Lessons Learned on the Front Lines of | 


Enterprise Analytics 


Moderator: Julia King, Executive Editor, Events, and Nationa 


atric Risk Strategy 


t, Enterprise Business 


Luncheon (optional!) 


Exclusively sponsored by 


9sas.__ in 


The Power to Know, 


COMPUTERWORLD 


it, Enterprise Business Intelligence | 





Selected 
speakers include: 


Jody Porrazzo, Ph.D. 
Director of Econometric Risk 
Strategy, Niis/APEX Group 
Holdings 


Keith Gile 
Principal Analyst, 
Forrester Research 


Keith Collins 
SVP and Chief Technology 
Officer, SAS 


Michael Tillema 
Business Intelligence Strategist, 
Intel 
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Julia King 

Executive Editor, Events, and 
National Correspondent 
Computerworld 
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JERRY BARTLETT Dynamic IT/Dynamic Enterprise 
Vice President, Application Development What the Next Generation IT Looks Like and 
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Chief Information Officer Senior Vice President, Research 
Apollo Group (The University of Phoenix) 3 IDC 


MICHAEL CRISAFULLI The Leading Executive 
Vice President, Core Services 
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CINDY S. HUGHES * Enterprise IT Management 
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Distributed Management Solutions for 
Today’s IT Data Center and Infrastructure 


¢ Gain insight to manage large, distributed data center IT infrastructure 


¢ Identify and select the latest in data center and enterprise 
management technologies 


¢ Hear the latest in server management, utility computing, and security 
tie ehidcion of the DMIF is well ¢ Learn from best practices, case studies, and tutorials 


served by a conference dedicated 
to information and infrastructure 
management solutions. Enterprise 
Management World continues 

to address the challenges in 
expanding and managing data Featuring... 
centers and communication 


Why You Should Attend 


TE Tutorial Trac 


networks. We invite our member 
companies, Alliance Partners and 
the industry at large to contribute 
to the advancement of this critical 
mission by participating.” 


Jim Turner 
Cisco 
Chairman, DMTF 


Co nfe rence At-a ” Gla nce (subject to change) 


For details, updates, and to register visit WWW.emwusa.com/cw 
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“Enterprise management is a 
business area where it is chal- 
lenging to stimulate collaborative 
interactivity. There just are not a 
lot of opportunities to meet with 
colleagues from other firms and 
share experiences. EMW provides 
the forum where you can find 
new innovations and practical 
experiences from other technical 
managers who have accomplished 
real world changes and can help 
you translate their experiences 
into your reality” 

Irving Tyler 


Quaker Chemica 
Vice President & CIO 
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TECHNOLOGY — 


| 
SECURITY MANAGER’S JOURNAL 
Intellectual Property 
Is Focus at New Job 
Mathias Thurman’s new challenge: 
keeping technical manuals, engineering 
documents and source code out of the 
hands of departing employees. Page 32 


OPINION 
Awaiting the PC Killers 


Virus writers could do serious damage to 
| computers by attacking the microcode em- 
bedded in hard disk drives, CPUs and other 
components. But two obstacles stand in 
their way, writes Robert L. Mitchell. Page 33 


FUTURE WATCH 
Power Play 


Researchers are investigating new ways 
to reduce CPU heat loads and energy de- 
mands without compromising processor 
power for computers like Los Alamos 


National Laboratory’s ASC Q. Page 30 
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Companies are using speech-enabled 
applications to cut average call times, 
decrease staff requirements and enable 
new features. By Robert L. Mitchell 


fulfillment operations at the New 
York-based publication. The system, 
| purchased from Tuvox Inc. in Cuper- 
| tino, Calif., halved average call times, 
| from four minutes to two. That im- 
| proved customer service while also 


HEN TV Guide subscribers | 
want to notify the maga- 
zine about a change of ad- 
dress, they simply call 
customer service. But the friendly 
voice on the other end of the line 
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SCOTT NIBAUER 


isn’t a human call center representa- 
tive. It’s a virtual agent — a speech- 
enabled application that can under- 
stand and respond to requests from 
the customer. | 
If TV Guide’s 40 million customers | 
have any qualms about speaking with 
a machine, they aren’t complaining. 
One reason may be that using the 
system is easier and faster than talk- 
ing to a live representative, says 
Steve Martin, executive director of 


| reducing telecommunications and 


staffing costs, Martin says. 
Long considered overly expensive 


| and complicated, speech-enabled 
| applications are finally beginning to 


deliver bottom-line benefits, says 
Daniel Hong, an analyst at Data- 
monitor PLC in New York. Today, the 
systems can eliminate the old, stilted 
voice recordings used in interactive 
voice response (TVR) systems and 
add a more friendly voice-user inter- 
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face (VUI) that understands natural, conversation- 
al language. The VUI accepts verbal input rather 
than requiring the caller to enter information from 
a touch-tone keypad. 

State-of-the-art speech-enabled systems can cut 
through complex and confusing touch-tone menu 
hierarchies used in traditional dual-tone multi- 
frequency (DTMF) systems by allowing users to 
say exactly what they want and then jump directly 
to that function. Speech-enabled systems are 
faster than touch-tone IVR systems for 
more advanced transactions and are 
more efficient at tasks like accept- 
ing alphanumeric serial numbers. 

Competition in the speech- 
enabled applications market 
has increased, and prices have 
dropped by 30% over the past 
five years, according to Data- 
monitor. The emergence of open 
platforms built around standards 
such as VoiceXML and Speech Ap-  %, 
plication Language Tags (SALT) has 
fostered the competition, spurring new 
entrants such as Microsoft Corp.’s Speech 
Server, which debuted last year. 

The proprietary IVR system hardware and soft- 
ware in common use today are gradually being re- 
placed with industry-standard servers with plug-in 
telephony cards. Vendors of speech-enabled IVR ap- 
plications typically work with multiple speech en- 
gines, which provide basic speech-recognition, au- 
thentication and text-to-speech technology. Most of- 
fer prebuilt components that can be assembled into 
custom and packaged vertical-market applications. 

The trend toward the use of prebuilt modules and 
reusable components has made the construction of 
speech-enabled applications easier. “Right now, 
we're on the brink of going from the early adopter to 
the pragmatist phase,” says Hong. Although only 
about 7% to 10% of currently installed IVR systems 
will be speech-enabled this year, one in three new 
systems ship with the capability, and 50% will by 
2009, according to Hong. 

The real potential of speech technology lies in new 
applications rather than in the replacement of func- 
tions handled by touch-tone systems, says Steve 
Coplan, an analyst at The 451 Group in New York. 

Building on its initial success, TV Guide is adding 
caller self-service features. “We’ve expanded it to do 
surveys and to handle our in-house employee direc- 
tory,” Martin says. And the system will soon handle 
online subscription payments as well. 

Gtech Holdings Corp. in West Greenwich, R.L., has 
begun using the technology to automate field-service 
calls for retail machines it maintains for government 
lotteries. “It’s cumbersome to collect [alphanumeric] 
serial number information via a DTMF application” 
that takes 3 million calls annually, says Mike Sax, di- 
rector of global technology services. A voice-enabled 
system changed that. “We saw a 15% increase in ac- 
ceptance almost out of the gate,” Sax says, adding 
that he expects the system to pay for itself in 18 
months. 

Despite the advantages, speech-enabled applica- 
tions still require specialists to perfect the VUI, cus- 
tomize “grammars” that the speech engine recog- 
nizes and tune the systems to improve accuracy. 


10 
million 
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“They’re cheaper to implement relative to where 
the technology was but still require a lot of tuning 
and manual overhead to get the applications up 
and running,” says Coplan. 

Users shouldn’t expect the systems to be perfect 
right away, adds Martin. “When we first started, we 
were getting about 40% success rate,” he says. With 
tuning, that rate has climbed to more than 70%, and 
Martin expects the system to top out above 80%, 
which he says is acceptable. Dialogues are 

carefully constructed so when the system 
fails to interpret a request, the caller 
may transfer to a live operator or 
use touch-tone keys to complete a 
transaction. Failures are tracked 
by the system, which is periodi- 
cally tuned to improve accuracy. 
That process can’t be rushed, 
says Casey Lewis, a software de- 
velopment manager at DST Sys- 
tems Inc. in Kansas City, Mo. DST 
provides customer service out- 
sourcing for mutual fund companies 
and their more than 90 million share- 
holders. The company uses a natural-language 
system from Edify Corp. in Santa Clara, Calif., that 
allows callers to perform activities such as checking 
their balances and redeeming shares. 

While DST’s staff handled much of the program- 
ming and construction of the system, a lot of the 
nine-month deployment effort was spent on multiple 
iterations of tuning — an area where the staff had lit- 
tle experience. “Don’t hesitate to rely on vendors 
who can provide expertise,” Lewis advises. 


Finding Your Voice 

Just as tuning is important, developing a user-friend- 
ly VUI is also critical. At American Savings Bank 
(ASB) in Honolulu, success meant tuning the system 
to understand local dialects as well as creating a 
friendly virtual agent that would become part of the 
bank’s brand image. The institution, which takes 
more than 300,000 calls per month, already had a 
touch-tone IVR system. “Our local competition 
doesn’t have speech, so it was an opportunity to be 
first,” says Renee Lum, assistant vice president and 
manager of the bank’s customer service center. 

Lum brought in Dallas-based InterVoice Inc. to 
help develop its virtual agent and tune the system. 
“The personality for the voice was very important. 
We got down to her age, her hobbies and how many 
kids she had,” says Lum. ASB then hired professional 
talent to record the voice and worked with Inter- 
Voice to develop the dialogues. “There were a lot of 
tuning cycles,” Lum says. The system needed to rec- 
ognize local words such as aloha, as well as local 
pronunciations for words like four, which sounds 
more like “foa.” Testing with real users helped to re- 
fine the pace and pitch of interactions. The feedback 
also helped ASB refine dialogues by replacing con- 
fusing words like debit with the more straightfor- 
ward withdrawal, for example. 

“We did the tuning and testing, and it was one of 
the biggest success factors,” Lum says. The system 
runs in parallel with the existing touch-tone system. 
Unfortunately, 94% of callers still press 9 to go to the 
touch-tone system as soon as they call in, bypassing 
the voice interface. Those customers have memo- 
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rized the touch-tone options and in some cases may 
not even realize that a new option exists, Lum says. 
“We haven't been able to market it yet as we'd like 
to,” she says. 

For its part, DST addressed that challenge through 
careful scripting of the initial call dialogues, accord- 
ing to Lewis. By making some adjustments, DST was 
able to retain 80% of callers within the speech-en- 
abled system. “The way you build that [script] has a 
lot of impact on what your speech-recognition reten- 
tion rate will be. We discourage scripting that lets 
people press [the star key] and go right to the touch- 
tone system,” Lewis says. 

Although the technology has improved, the under- 
lying complexity of speech application development 


| remains a challenge, says Coplan. “There’s no real 


abstraction layer to separate out the complexities of 
the speech-recognition engine,” he says, and that 
makes the development process more complicated 
than it should be. Ultimately, the key to success may 
be the continued development of middleware from 
vendors such as Microsoft and IBM. But so far, the 
vendors have had little success, Coplan says. 
Datamonitor’s Hong agrees that the technology is 
still evolving but says that the development of pre- 
built modules means that users can build a speech- 
enabled application without doing the kind of low- 
level programming that used to bog down such proj- 
ects. A speech-enabied IVR can pay for itself in 12 to 


8 Ge SE RR Ger 
VOICE-ENABLED APPS 


PROS 

= Easier for callers. Support for natural language allows cus- 
tomers to say what they want instead of navigating through a 
hierarchy of touch-tone menu options. 


® improved standards. The evolution of standards such as 
VoiceXML and SALT have increased competition and helped 
push down prices. 


® Easier to build. Prebuilt, reusable components facilitate 
application development and deployment. 


CONS 

& Some assembly required. While packaged applications for a 
few vertical markets are available, most deployments require 
custom development as well. 


= Deployments take time. It can take a year or more to devel- 
op and fine-tune a sophisticated voice-enabled application. 


@ You'll need help. Professional services can add up to more 
than half of the project cost, analysts say. 


24 months through cost savings alone and may also 
offer a competitive advantage, Hong says. “It im- 
proves customer service while reducing costs for 
the company,” he says. “You should be looking at 
speech right now, doing pilots in a small footprint.” 


@ 56026 


MORE ONLINE 


Speaking in Standards: A look at standards that are paving the way 
for open product architectures: QuickLink 56035 


Gracious Host: Using a hosted service can help alleviate the upfront 
costs of developing and maintaining voice-enabled call center apps: 


QuickLink 56033 
www.computerworld.com 
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N SOME DATA CENTERS, you 

can still find water pipes under 

raised floors that were once used 

to cool mainframes. And the idea 

of turning that water on again to 
cool off hot electronics is something 
that chills longtime IT professionals 
like Chad Gerbick, manager of opera- 
tions at Kent State University in Ohio. 

“I remember the water-cooled main- 
frames, and it was just such a hassle 
with that stuff because you always had 
to worry about water under the floor 
and pipes and the quality of the water,” 
says Gerbick. “[Water cooling] is an- 
other point of failure that I wouldn’t 
want to deal with.” 

Gerbick’s reaction to the idea of 
bringing water close to very expensive 
electronics is widely shared among IT 
managers. But as server performance 
and density rise, water cooling may 
gradually move back into the main- 
stream of data center technologies. 

Water cooling “is very definitely a 
viable technology and a necessary 
technology,” says Bob Sullivan, a con- 
sultant at The Uptime Institute in San- 
ta Fe, N.M. “Heat loads are going up so 
drastically that there is going to be no 
other way to cool these high heat den- 
sities other than water cooling.” 

Sullivan is hardly alone in this belief. 
Ken Baker, a data center infrastructure 
technologist at Hewlett-Packard Co., 
says that water cooling is “inevitable.” 

“The unrelenting power increase ... 
is forcing [users] to look at new ways 
to cool the hardware,” says Baker. 
“Real-estate constraints will drive this.” 


Recognizing Limitations 

The upper limit of air cooling alone in 
a single cabinet is about 10 kilowatts, 
says Baker. But power demands will 
continue to rise. For instance, Baker 
estimates that a 1U (1.75 in. high) serv- 
er that draws 350 watts today will in- 
crease to more than 600 watts over the 
next few years. At today’s levels, 1Okw 
would equal about 30 servers. 

Large rack systems with 98 blades 
in seven chassis can consume as much 
as 24kw of power. Data center man- 
agers typically fill just half the rack 
space to keep temperatures down, but 
that means spreading out the servers, 
which uses more floor space. 

“The water scares the heck out of 
folks,” says Thomas Roberts, director 
of data center operations at Novi, 
Mich.-based Trinity Health, which op- 
erates hospitals and outpatient facili- 
ties. His data center, which was built 
two and a half years ago, has 100% 
more cooling than it needs. “I view 
[water cooling systems] as being 
needed in an environment where 
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you have no scalability,” he says. 

That’s what vendors believe as well. 
They think early adopters of water 
cooling systems will be those with fa- 
cilities in urban areas, such as Globix 
Corp.’s data center in London’s busi- 
ness district. 

In March, Globix, which provides 
networking and infrastructure services 
to businesses, installed a cooling sys- 
tem for its high-density racks. The 
InfraStruXure High Density system 
from American Power Conversion 
Corp. (APC) in West Kingston, R.L., 
is a self-contained data center with air 
and water cooling systems for Globix 
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As server heat loads grow, 

| vendors are reintroducing 

water cooling options — 
and stoking old fears. 
By Patrick Thibodeau 


servers that consume I5kw in a rack 
containing some 80 blades. 

“We found we did not want to be an 
[Internet service provider] that kept 
throwing space at the problem,” says 
Philip Cheek, U.K. managing director 
at New York-based Globix. 

The APC system uses water to help 
cool the system and can handle up to 
20kw, says Dave Brooks, facilities man- 
ager at the Globix London center. He 
expects to reach that level someday. 
The water connections are welded, 
and the system poses “no more risk 
than a standard unit,” he says. 

Vendors are beginning to turn out 


SOURCE: AMERICAN POWER CONVERSION CORP 
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products that use water, but approach- 
es vary widely. Last month, IBM re- 
leased a water-cooled door capable of 
handling 15kw of heat that can be fitted 
on its enterprise server rack. 

APC also has a unit that can handle 
about 18kw of heat and is fully en- 
closed — almost like a refrigerator. 
The APC unit can be operated outside 
a data center. 

Not all liquid cooling systems use 
water. Liebert Corp. in Columbus, 
Ohio, is using a refrigerant in some 
of its cooling products. 


New Designs 

One sign that the idea of water cooling 
is regaining credence is that newer data 
centers are being designed to poten- 
tially handle water. Some are moving 
wiring to the ceiling and walls and are 
limiting or eliminating raised floors. 

While water cooling units are begin- 
ning to appear on trade show floors, 
Ron Miglini, president of the Dallas/ 
Fort Worth chapter of AFCOM, says 
the issue of water cooling rarely comes 
up at meetings of his group, an associa- 
tion for data center professionals. But 
Miglini, who is also president of Sealco 
Inc., a company in Richardson, Texas, 
that cleans data centers and improves 
air flows, says newer data centers are 
being built with utility trenches that 
can isolate water supplies from electri- 
cal wiring. 

Data center cooling is a top issue 
for data managers, who are largely 
addressing cooling needs by carefully 
laying out data centers. But as server 
densities increase and equipment is 
added, users will have to either expand 
the size of their data centers for new 
generations of servers that have im- 
proved price/performance but con- 
sume more power, or they'll have to 
look at cooling system that use fluids. 

Gordon Haff, an analyst at [llumina- 
ta Inc. in Nashua, N.H., says IBM’s re- 
cent entry into the water cooling sys- 
tems market will add a lot of credibili- 
ty to the idea of using fluids to pull 
heat out of the data center. He believes, 
however, that adoption of water-based 
systems will remain small and in the 
category of specialty devices. 

Charles King, an analyst at Pund-IT 
Research in Hayward, Calif., says com- 
panies “tend not to want to update 
their data centers every few years.” He 
views water-cooled systems, such as 
IBM’s, as stopgap measures. 

IBM’s new rack-cooling device is al- 
lowing data center managers to “buy 
some time and get a few more genera- 
tions out of their facilities before they 
think about having to rebuild or retro- 
fit,” says King. @ 56076 
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ISCUSSIONS of 

computer perfor- 

mance are typi- 

cally dominated 

by references to 
measures such as MIPS, MHz 
and MFLOPS. 

But Wu-Chun Feng, a com- 
puter architect at Los Alamos 
National Laboratory in New 
Mexico, expects that to change 
during this decade. He says it’s 
time for the computer commu- 
nity to adopt alternate metrics 
for evaluating performance. 
“It’s about more than speed; 
it’s about reliability, availabili- 
ty and efficiency,” he says. 

It’s more than an esoteric 
semantic point. ASC Q,a 
giant supercomputer at Los 
Alamos, has 8,192 processors, 
and although each one is ex- 
tremely reliable (as well as 
fast), there are so many of 
them that the machine overall 
fails about 114 times a month, 
or once per eight-hour shift. 

The problem is heat, Feng 
says, and it’s not just an issue 
in supercomputers. The power 
consumed and the heat given 
off per unit area in processor 
chips increases with Moore’s 
Law, doubling every 18 to 24 
months. Indeed, the power 
density of commodity proces- 
sor chips used in PCs today is 
on a par with that inside a nu- 
clear reactor. And the failure 
rate of a processor doubles 
with every increase in temper- 
ature of 10 degrees Celsius (18 
degrees Fahrenheit), Feng says. 


Running Cooler 


But researchers are inventing 
clever ways to keep reliability 
up by keeping heat and power 
consumption down. 

In 2002, Los Alamos built a 
240-node computer called 
Green Destiny. For two years, 
it ran without a single failure 
in a dusty, unventilated ware- 
house where the average tem- 
perature was 85 F. The magic: 
It used processors from Trans- 
meta Corp. that consumed just 
6 watts each. In comparison, 
mainstream microprocessors 
at the time consumed about 
100 watts. 

Green Destiny’s low-power, 
low-heat, high-reliability char- 
acteristics came from its ar- 
chitecture, independent of the 
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Because of heat, the 8,192-CPU supercomputer at Los Alamos fails about 114 times a mo 


Coming just in time: power-miser 
processors. By Gary H. Anthes 
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applications running on it. But 
now Feng and his colleagues 
are developing software that 
can alter the processor’s pow- 
er consumption depending on 
the moment-to-moment needs 
of the application. 

The power drawn by a proc- 
essor is proportional to its fre- 


computers today can 
scale back frequency 
and voltage after some 
period of user inactivi- 
ty in order to conserve 
battery power. But 
that’s not feasible in a number- 
crunching scientific computer 
or a big transaction-processing 
server. “The CPU almost al- 
ways looks busy compared to 
doing a Microsoft Office doc- 
ument,” Feng explains. 

So the lab has developed 
and is now enhancing “dy- 
namic scaling” software that 





learns the characteristics of 
the application as it runs. It’s 
able to anticipate when the 
workload will shift significant- 
ly from CPU-intensive opera- 
tions to various off-chip func- 
tions that don’t require high 
CPU clock speed and voltage 
and then temporarily scale 


quency and voltage. Notebook | them back. This technique has 
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WATCH 


yielded a reduction in 
power consumption 
of as much as 70%, 
but performance has 
degraded only 1% to 
5% for uniprocessor 
applications, Feng says. 

Power savings from this 
technique average about 25%, 
he says. “If you save 25% on 
power, that’s 25% more proc- 
essors I can add to my system 
and still be in the same ther- 
mal envelope.” 

Rather than do this scaling 
in runtime software, the same 





thing might be accomplished 
by having programmers in- 
strument their code so that 
power reductions are called 
for at the point where signifi- 
cant off-chip functions begin. 
But that puts too much of a 
burden on programmers, who 
are already struggling to write 
code for parallel operations, 
Feng says. Another idea is to 
have the compiler do it, but 
the compiler can’t know what 
data the program will en- 
counter, and much of the need- 
ed voltage and frequency scal- 
ing is data-dependent, he adds. 
Feng says the concept could 
be applied to transaction proc- 
essing, Web services or data- 
base servers, in which there is 
a great deal of I/O that doesn’t 
require full CPU power. He 
says that for companies that 
have many thousands of 
processors, such as Google 
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Inc., the driving technical ob- 
jective isn’t to have the fastest 
processors but to have high re- 
liability in a small footprint. 
“For Google, space is money, 
power is money,” he says. 

Los Alamos has limited its 
research so far to dynamic scal- 
ing of processor metrics, but 
the concepts could be applied 
to other parts of systems, Feng 
says, even to mechanical com- 
ponents. “If you could profile 
disks so that you know when to 
spin things up and down, you 
could save quite a bit of ener- 
gy,” he says. And one might do 
voltage and frequency scaling 
on the processors embedded 
in network cards and video 
graphics cards, he adds. 


More Buttons 


Indeed, researchers are begin- 
ning to apply similar monitor- 
ing techniques to all aspects of 
power and to all parts of the 
chip, says Babak Falsafi, asso- 
ciate professor of electrical 
and computer engineering at 
Carnegie Mellon University in 
Pittsburgh. 

“On the processor chip, and 
even on the DRAM memory, 
you are going to see fine- 
grained resource scaling, such 
as voltage and frequency scal- 
ing,” Falsafi predicts. “It’s 
across the entire chip now, but 
you'll have tighter control over 
the various resources so you'll 
be able to do scaling within 
the chip itself, which will give 
you a lot more buttons to push 
and a lot more flexibility.” 

For example, Falsafi and his 
students developed cache 
memory architectures that 
monitor program behavior at 
runtime and “autoconfigure” 
to adapt to the required cache 
size and organization. Unused 
cache sections are placed in a 
sleep state so they draw no 
current. Future designs will 
incorporate such resource 
scaling across all chip struc- 
tures to save power, he says. 

Will all computers, from 
notebooks to supercomputers, 
employ these techniques 
someday? “They'll have to,” 
Falsafi says. “Going into 2015, 
we'll have hundreds of billions 
of transistors on a chip. We 
don’t have the power budget 
for that.” @ 55890 





www.computerworld.com 


TECHNOLOGY — 


i 
i 
i 
i 
i 
i 
i 
: 
I 
i 
i 
i 
4 
t 
i 
I 
i 
5 
fi 
i 
j 
4 
i 
s 
i 
j 
a 


Robotic Camels Are Next 


This camel race in Qatar features robotic 
jockeys. The 15-kilogram high-tech riders 
replace thé small boys who have traditional- 
ly sailed the ships of the desert toward the 
finish line in countries throughout the Mid- 
dle East. New laws in several countries pro- 
CMe U CE CME CR ECR am Tre 
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camel jockeys. The robot riders are remote- 
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response to the performance of their camels. 





Spam Delivers 
For Snake-Oil, 
Stock Scams 


@ E-MAILS peddling questionable medications 
and low-interest loans continue to irk computer 
users and clog corporate networks as the most 
common types of spam, according to security ven- 
dor Sophos PLC. But a relatively new category of 
junk e-mail - stock scams - is becoming increas- 
ingly prevalent. 

Researchers from SophosLabs analyzed the 
spam received in its global network of spam traps 
during the first six months of the year. They found 
that the number of “pump and dump” stock scams 


Lee 
maaan 
The Web 


eee merle) 

loom invented by French silk weaver 
PYRO mellem 
1801. It used holes cut in pasteboard 
punch cards to control the weaving of 
patterns in fabric. The loom enabled 
even unskilled weavers to create com- 
plex designs. Each punch card corre- 
sponded to one row of the design, and 
the cards were strung together in order. 

BRM rer ln Ole R VCR URL GUT 
chine to use punch cards to control a se- 





quence of operations. Although it did no 
computation based on them, it’s consid- 


controlled but are programmed to automati- 





id increased by an average of 10% per month 
over the first half of the year, to the point where 
they now account for 8.5% of all spam. 

Pump-and-dump campaigns tend to run for 


| short durations, keeping overall volume low 


Although some of the information provided is 
accurate, the deceptive and unsolicited nature 
of the messages qualifies them as spam. Unso- 
licited medication e-mails, including offers for 
generic or non-brand-name versions of Viagra 
and other pharmaceuticals, accounted for more 


| than 40% of all spam traffic. 


The good news is that pornographic spam is 
trending downward, though it still accounts for 
10% of all junk e-mail, according to Sophos. 
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ered an important step in the history of 
computing hardware. The ability to 
change the pattern of the loom’s weave 
by simply changing cards was an impor- 
tant conceptual precursor to the devel- 
opment of computer programming. 

Specifically, Charles Babbage planned 
to use cards to store programs in his An- 
Fre eM Me ee RUT Ly 
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Rue ll Ce 

Variations on Jacquard’s punch cards 
TOM CUCINA A CT rmm iC Rho 
senting the music to be played by auto- 
mated pianos popular in the 19th and 
early 20th centuries. Herman Hollerith 
used punch cards for tabulating the 
1890 U.S. census. © 56101 
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Chips With Nanotube 
Sprinkles From UPenn 


@ PHYSICISTS at the University of 
Pennsylvania have developed a method 
to create functional electronic circuits by 
dipping semiconductor chips into liquid 
suspensions of carbon nanotubes rather 
than growing the nanotubes directly on 
the circuits. 

Nanotubes, tiny tubes composed of 
carbon atoms, can be either semicon- 
ducting or metallic, the latter being highly 
conductive to electricity. Semiconducting 
nanotubes make exceptional transistors, 
which is why so much attention has been 
devoted to finding a way to use them in 
electronics. 

Most nanotube circuits have been 
made by growing nanotubes on the 
surface of a chip. Unfortunately, this 
method results in a circuit comprising 
both types of nanotubes with large 
diameters. Small-diameter nanotubes 
are better for switches. 

The UPenn researchers said they can 
create a large batch of small-diameter 
nanotubes in solution and separate out 
the semiconducting nanotubes. Then 
they can place them in the proper posi- 
tions on a patterned silicon chip. 

They deposit the nanotubes by dipping 
a chip covered with a gluelike substance 
into the nanotube solution, and then they 
wash off the excess glue and whatever 
solvents remain. “We dip the chips into 
nanotubes, much like dipping an ice 
cream cone in candy,” said Danvers 
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circuit by interconnecting gold contact 
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Johnston, a graduate student in associate 
professor A.T. Charlie Johnson's laborato- 
ry and Jead author of the study. The result- 
ing circuits take advantage of the unique 
electrical properties of nanotubes and 
can be produced in bulk. 

“The only way to make faster proces- 
sors is to cram more transistors together,” 
says Johnson. “Nanotubes are about the 
the more densely they can be packed on a 
chip, the faster the chips can become.” 
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Intellectual Property 
Is Focus at New Jo 


Our security manager starts a new position 
with a mandate to keep company IP from 
walking out the door. By Mathias Thurman 


RECENTLY RESIGNED my 
position after four years to 
become security manager 
for a hardware maker. I typ- 
ically change jobs every few 
years, for a couple of reasons. 
The first is to be exposed to 
different types of technol- 
ogies, business models and 
cultures. To be effective in the 
information security field, it’s 
important to broaden your 
horizons, much as consultants 
who work on short- 
term projects do. 

The second reason 
is career enhance- 
ment and salary. We 
all have short- and 
long-term goals. 
Sometimes, in order 
to attain the next level in ca- 
reer progression, you have to 
take a new position in a new 
company. Of course, there’s 
usually a change in title and 
an increase in compensation. 

I started the new position 
about three weeks ago. Right 
now, I have a staff of two full- 
time security engineers serv- 
ing a company of about 8,000 
employees that has offices in 
North America, Europe, Asia 
and the Middle East. 

The company had no securi- 
ty manager for almost a year, 
and with security absorbed by 
multiple departments, there’s 
been no real direction. One of 
my short-term projects will 
be to develop a security road 
map and include enough proj- 
ects to warrant an increase in 
staff. I hope to expand to six 
employees. 


Win-Win-Lose 

Shortly after being hired, I was 
presented with a high-priority 
problem that can’t be solved 
quickly. My new company 
makes very delicate equip- 





SECURITY 
MANAGER'S 
JOURNAL & 





ment that needs to be calibrat- 
ed and maintained frequently. 
In order to deliver this level 
of support, the company pub- 
lishes technical manuals that 
the service technicians use 

as they work on the various 
pieces of equipment the com- 
pany produces. This service 
business represents a signifi- 
cant portion of the company’s 
overall revenue. 

The problem is that we’re 
losing field service 
technicians and 
support customers. 
Some technicians 
have been quitting 
and then using the 
service manuals we 
produce so they can 
work as technical consultants 
for our customers at a dis- 
counted price. This is a win- 
win-lose situation, and it’s my 
company that’s the loser. 

That’s just the beginning 
of our problems with holding 
on to intellectual property (IP). 
CAD/CAM drawings, source 
code and other engineering 
documents are also at risk of 
falling into the wrong hands. 


| To make matters worse, a sub- 


stantial amount of our design 
and engineering work is done 
overseas for cost reasons, and 
we don’t have as much con- 
trol, jurisdiction or recourse in 
relation to what foreign em- 


IP protection is 
generally approached 
using one of two major 
classes of products 
and technologies. 





| ployees do. Plus, the culture in 


some of these places encour- 
ages industrial espionage as a 
way to stimulate the local 
economy. 

We don’t want to see a com- 
petitor come out with a prod- 
uct similar to ours, designed 
from our engineering docu- 
ments. Making sure that this 
doesn’t happen is a major 


| strategic objective for the 


company, and I have been as- 
signed to figure out how we’re 
going to protect this intellec- 
tual property. So here I am, 
just a few weeks on the job, 
with all sorts of security issues 
to deal with, and I have to 
spend the majority of my time 
addressing IP protection. 


Schools of Thought 


IP protection is generally ap- 
proached using one of two 
major classes of products 

and technologies, which rep- 
resent two distinct schools of 
thought. The first involves 
monitoring activity. Software 


| is installed on each employee’s 


desktop so that we can moni- 
tor how individuals handle IP 
and can then take action such 
as blocking or reporting. We 


| can also monitor the network 


traffic and look for key words 
or phrases indicative of our IP 
leaving the company. 

The other school of thought 
is to employ digital rights 
management (DRM) and its 
cousin, enterprise rights man- 
agement (ERM). DRM allows 
you to “wrap” a document. 
The document is encrypted, 
and the wrapper contains in- 
formation on who can read the 
document and what rights 
each person has for control- 
ling the document. If executed 
properly, DRM can effectively 
address concerns about docu- 
ments leaving the company. If 
the recipient of a document 
isn’t authorized to view it, 
then the document is useless 
to that individual. The trick 


is making sure that DRM is 
deployed properly; if it isn’t, 
the protections it can afford 
are lost. 

To address my company’s IP 
protection needs, I may end 
up using both technologies. 

I wanted to get a better un- 
derstanding of the DRM tech- 
nology, so I attended a recent 
conference in New York. As 
it turned out, it seemed as if 
about 70% of the attendees 
were in the entertainment in- 
dustry, meaning that they 
were interested in what DRM 
technology can do protect IP 
in the form of digital music 
and video. This made me sus- 
pect that this technology is for 
the most part still in its infan- 
cy when it comes to ERM, and 
that suspicion was confirmed 
for me after I attended some 
of the sessions and spoke to 
the vendors. 

No single company’s prod- 
uct can address all of my 
needs. For the short term, I’m 
looking for a way to protect 
Adobe PDF files and Micro- 
soft Office documents, which 
are used for the majority of 
our most valuable IP, such as 
those service manuals. But as 
I mentioned, we also need to 
protect CAD/CAM docu- 
ments, source code and other 
types of IP. 

The problem is that there 
aren’t any products designed 
to protect everything. Some 
are good at protecting PDFs 
and Office documents but can 
do nothing to keep source 
code safe. Others do a good 
job of protecting CAD/CAM 
drawings but don’t address 
Office documents. 

Over the next couple of 
months, I will take a more de- 
tailed look at this technology, 
set up a proof-of-concept proj- 
ect and see which vendors and 
| technologies best fit this very 
dynamic, out-of-control envi- 
ronment. DB 


WHAT DO YOU THINK? 


This week's journal is written by a real securi- 
ty manager, “Mathias Thurman,” whose 
name and employer have been disguised for 
obvious reasons. Contact him at mathias_ 
thurman@yahoo.com, or join the discussion 
in our forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 
| @Icomputerworld.com/secjournal 
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SECURITY LOG 


is a priority for me, | enjoyed 
reading the chapter titled 
“Your intellectual Property 
isn’t Safe.” With tales of hack- 
ing casinos, phone phreaking 
within prison walls and more, 
this book provides insight into 
the mind of a hacker and the 
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Business Objects 
Supports Appliance 


Business Objects SA and Datalle- 
gro Inc. announced enhanced 
interoperability between 
BusinessObjects XI business in- 
telligence software and Datalle- 
gro’s data warehouse appliance. 
The appliance will enable XI to 
support more users, offer faster 
warehouse-loading times and 
increase ad hoc query capabili- 
ties. Datallegro’s appliances, 
which support up to 25TB of 
data, start at $450,000. 


Centennial Unveils 
DeviceWall 3.0 


Centennial Software Inc. has re- 
leased DeviceWall 3.0, software 
that protects against data theft 
and unauthorized network access 
by mobile devices. DeviceWall 
can also secure Bluetooth, infra- 
red and Wi-Fi connections. Pric- 
ing starts at $10 per seat. 


Progress Product 
Embraces Eclipse 


Progress Software Corp. an- 
nounced that it has joined the 
Eclipse Foundation open-source 
community and introduced new 
Eclipse-based development tools. 
OpenEdge Architect, which is part 
of Progress OpenEdge 10.1, is an 
environment designed to support 
application development in a 
service-oriented architecture. 
The software, due to ship next 
month, includes improved lan- 
guage capabilities and compo- 
nent services for developing 
applications. 


Tool for Wireless 
Support Debuts 


Devicescape Software Inc. an- 
nounced the Devicescape Wire- 
less Operations Center. The soft- 
ware, available now, lets help 
desk personnel and others check 
wireless access points to isolate 
and resolve problems. Pricing 
starts at $100 per managed 
access point for up to 10 APs. 


| 





ROBERT L. MITCHELL 


Awaiting the PC Killers 


HE MALICIOUS CODE enters your net- 
work undetected, rapidly infecting more 
than 100 machines. But this is no ordinary 
virus. Your antivirus and disk recovery 
tools can’t help, because the disk drives 
won’t spin up at all. The drives are toast. The PCs are 


completely inoperable. 


The era of microcode attacks has begun. 


Could viruses really 
attack the low-level 
microcode that makes 
disk drives run? It’s entire- 
ly possible, disk technol- 
ogy experts say. Dimitri 
Postrigan knows how such 
a virus might be created 
— but he’s not telling. 

Postrigan reverse-engi- 
neers and programs hard 
disk drives at ActionFront 
Data Recovery Labs. 

He says each disk drive 
has its own internal oper- 
ating system that enables the device to 
start up. The operating system micro- 
code resides in a special system area 
of the disk. “A virus could be written 
which would destroy the whole sys- 
tem area on a drive. This will make the 
drive and data almost unrecoverable,” 
Postrigan says. 

That nightmare scenario also both- 
ers Ben Carmichael, technical director 
of ESS Data Recovery. “In the data re- 
covery industry, we’ve been waiting 
around for this to happen. We’ve writ- 
ten programs to restore hard drives. 
We could easily write a program to 
destroy [them],” he says. He worries 
that others with fewer scruples could 
create a fast-spreading virus that caus- 
es massive destruction of data. 

The idea of a microcode attack goes 
beyond hard drives, says Thor Lar- 
holm, senior security researcher at 
PivX Solutions. Microcode is found 
in other PC components, including 
graphics cards, the BIOS and the CPU. 
Both Intel and AMD offer microcode 





utilities, complete with 
source code that could be 
used to physically damage a 
CPU by severely overclock- 
ing it, Larholm says. 

So, why haven’t such ex- 
ploits been more common? 
Fortunately, it’s not that 
easy to do. Viruses thrive 
on homogeneity. While all 
PCs may look the same at 
the Windows level, at the 
machine level, things can 
be very different, making a 
broad attack more difficult 

to pull off. 
Years ago, someone wrote a virus 


| that attempted to overwrite the flash 
| memory area of a PC’s BIOS, but its 


success was limited because there are 
so many different BIOS implementa- 
tions, says Sean Barry, remote data 
recovery manager at Ontrack Data 


Recovery. 


Similarly, the way in which one ac- 
cesses the service area of a hard disk 
varies by manufacturer. That means a 
virus would have to include code for 


| each brand its creator wanted to tar- 


get. The proprietary tools and codes 
required also aren’t readily available 
to the layperson. Postrigan says he 
personally has tried to find such infor- 
mation on the Internet and through 
other channels, without success. He 


gained the knowledge through the 


time-consuming process of reverse- 
engineering the products. 

But Carmichael says that knowledge 
is spreading. Old hard drives are rou- 
tinely shipped to Russia, where the 








| business of repairing old hard disk 


drives for resale is flourishing. He 
notes pointedly that many viruses 
today come from that region. How big 
a step would it be for that information 


| to be shared? 


Very big, says Bruce Schneier, chief 
technology officer at Counterpane In- 


| ternet Security. Disk drive experts may 
| reside in the same country as mali- 


cious hackers but that doesn’t mean 
the two groups are any more likely to 


| share information than they would in 


the U.S., he says. 
In addition, professionals like 


| Carmichael and Postrigan, who have 


the determination to develop such 


| skills, tend to develop a sense of moral 


responsibility. “Society is saved by that 
a lot,” Schneier says. 

The public may also give virus writ- 
ers too much credit. Most simply 
aren’t that good. Existing viruses tend 
to be quite buggy, while efforts at 
more difficult, hardware-based at- 


| tacks, such as attempts to overwrite 


disk controllers, have attained only 
mediocre results, Schneier says. Most 


| writers look for the easiest route to 


destruction. Why do all that research 


| when you can simply erase the data? 


Schneier thinks that only one type 
of organization would be likely to ap- 


| ply the skills necessary to pull off such 


attacks. “You can imagine that the gov- 
ernment has in its back pocket mali- 
cious code that does these sort of 
things for military use,” he says. 
Nonetheless, while an imminent at- 
tack by virus writers may be unlikely, 
Schneier acknowledges that ultimate- 


| ly, Carmichael may be right. “Sooner 


or later, someone is going to say, ‘Let’s 
really hurt people.’ It’s unfortunate,” 
he says. That possibility — a remote 


| one, I hope — is just one more reason 


to keep your antivirus software up to 
date. @ 56155 
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AFTER A LONG DROUGHT, 


IT JOBS ARE NOW GROWING. 
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Managers’ Forum 

How does a busy IT leader 
learn to say no? Paul Glen has 
a suggestion that can’t miss, 
along with other advice for 
IT managers and pushback 
from readers. Page 37 


| 
| 
| 





Truman Medical Center’s DESTINY MONEYSMITH (right) overcame her initial hesitation and 


a 


Career Watch 


CIO Andrew Armishaw of HSBC offers IT 
career advice. Plus, a study provides insight 
into how confident IT workers are about 
holding on to their jobs, and a poll reveals 
that interest in computer science continues 
to wane among undergrads. Page 40 


learned to lead with the help of Ouellette & Associates consultant Gwen Walsh. 


This IT project 
manager was 
skeptical about 
taking on a per- 
sonal coach. 

oix months later, 
she's a believer. 


BY KATHLEEN MELYMUKA 


HEY DON’T call Missouri 
the Show-Me State for 
nothing. People there aren't 
easily taken in by claims 
and promises; they want 
proof. So it isn’t surprising 
that when IT project man- 
ager Destiny Moneysmith 
found out last fall that she 
was about to get a personal 
coach, she was less than enthusiastic. 
“I was very skeptical,” she recalls. “My 
past experience with consultants on 
projects had been less than satisfactory.” 
Why was Moneysmith, who had 
worked in IT at Truman Medical Cen- 
ters Inc. (TMC) in Kansas City for 
three years, getting a coach? CIO Bill 
McQuiston had selected her to lead a 


SHOW IVie 








OPINION 


CEOs: Think Through 
Your CIO Choice 


Paul Ingevaldson says one type of CIO 
doesn’t fit all companies. He offers 
CEOs some critical advice about how 
to choose the right one. Page 41 


| three-person team in an organization- 


wide information needs assessment. 
“We would be asking executives, ad- 


| ministrators, directors and managers 
throughout the business about infor- 


mation needs, ranging from data and 
systems needs to information to take 
care of patients, to information needed 


| to run day-to-day operations — 
| basically any information that flows,” 
| Moneysmith said, describing the start 


of the project. 
But McQuiston noticed that the team 


| had a hard time getting started. 


“There was some intimidation 
about working with the highest people 
in the organization and some confi- 


| dence issues about whether they could 


accomplish a project of that magni- 
tude,” he says. 

McQuiston decided to engage a 
coach to walk Moneysmith and the 
team through the process. Enter con- 
sultant Gwen Walsh from Bedford, 


| N.H.-based Ouellette & Associates 
| Consulting Inc., a firm TMC had 


had good experiences with in work- 
shops and related services. Here’s how 


the coaching engagement played out: 


| OCTOBER 2004 


McQuiston asks Moneysmith and 


| Walsh to talk, and they have the first of 
| several phone conversations about the 


project and what Walsh can bring to it. 
Walsh immediately picks up on 


| Moneysmith’s hesitancy about being 


coached. “I’m getting that you're not 


| trusting me,” she tells the project man- 


ager, who confesses her lack of enthu- 
siasm for the idea. 
Walsh responds by talking about her 


| experience with similar IT projects, 


and Moneysmith agrees to give it a try. 

They follow up with several calls and 

e-mails before the engagement begins. 
In those early conversations, Money- 


| smith talks about what she wants: help 


with the project charter, strategies and 
work breakdown structure. “If we had 
extra time, I had other things we could 
work on,” she recalls. “I wanted to 

make sure we got our money’s worth.” 
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NOVEMBER 2004 


Walsh begins providing TMC’s team 
with the nuts-and-bolts skills required 
to manage the needs assessment. By 
late November, the team is document- 
ing requirements, strategies and the 
project charter and plan. And Walsh is 
broadening her contribution. “We saw 
that she had all these other skills, so 
we tapped her for all the resources we 
could get,” Moneysmith says. 

Walsh begins working on each team 
member’s personal development, of- 
fering tips and techniques to practice 
on one another. 

“One of the things was body lan- 
guage,” Moneysmith says. “When we 
sat in meetings, we tended to nod that 
we understood. But Gwen coached us 
that this is often perceived as ‘I agree,’ 
not just ‘I understand and am listen- 
ing.’ She pointed out that we might 
have been sending mixed signals. So 
now when we have conversations 
among ourselves, we say, ‘Hey, you’re 
doing it again — are you understand- 
ing or agreeing?’ ” 


DECEMBER 2004 


Walsh works on getting the team mem- 
bers to be more assertive. “We realize 
we need to be more verbal in meet- 
ings,” Moneysmith says. “My personal 
challenge is to ‘blurt.’ When things 
come up that bother me, I can’t sit 
back and think about it while nodding 
my head. I need to bring it out on the 
table.” 

The team members begin to speak 
up at departmental meetings, and they 
see results almost immediately. “It’s 
been very positive,” Moneysmith says. 
“When we have something to say, we 
say it, and people are listening to us.” 


JANUARY 2005 


As Walsh sees opportunities for devel- 
opment, she suggests tips and tech- 
niques, including the following: 

® Assertiveness: Recraft e-mails to be 
more direct when communicating with 
the boss. Instead of saying, “Can we do 
this?” say, “This is what we want.” 

® Empowerment: Instead of asking for 
permission to proceed, feel confident 
enough to move forward with your ideas 
and then send your manager a note. 

= Communication: Be firm and 
straightforward. Instead of sending 
wishy-washy messages that ask for 





help but give the recipient an easy out, 


| say, “This is what I need by this date.” 


® Difficult situations: Present the facts, 


| even if they are harsh, then work out a 
| solution. Focus on the data, process 


and fix 
As the team becomes more com- 


| fortable with Walsh, they add their 
| own items to the coaching agenda. 
| “We've opened up and asked for assis- 


tance,” Moneysmith says. “For exam- 
ple, in the hallway someone said, ‘Hey 
what do you actually do in your job?’ I 
took it as insulting, but Gwen said, 
‘This is an opportunity for you to mar- 


| ket yourself’ ” 


Walsh then helps the group to fash- 
ion “marketing lines, tag lines and 
comeback lines” to use in various 
situations. 


FEBRUARY 2005 


Team members have gained enough 
confidence to try stepping out of their 


| comfort zones. Previously, Money- 


smith had run the meetings with busi- 
ness people, but now the others try 
that role. “It’s safe because the other 
two are there to jump in and back you 
up if you need help,” she explains. 
“You're not by yourself.” 

Walsh continues to help the team 
improve its project management skills 
and personal skills in tandem. For ex- 
ample, they begin work on a project 
prioritization matrix by asking the IT 
directors how the company and IT pri- 
oritize projects. They find that the 
process is neither formal nor docu- 
mented. 

The team members formalize the 
process the directors describe, adding 
weights and values to rate and score 


llancurle 


The cost of a coaching engagement 
is highly variable. “Typically, you 
Cee etme MUM Mime) ibe 
ducted over time,” says Truman 
Medical Centers CIO Bill McQuiston. 
“Then you count on x days per 
month for preparation and on-site 
delivery. You estimate it based on 
what you’se trying to accomplish, 
FLOM Mier LMC UMM le) 
the scope, cost and time frame 
you're looking for.” 

For a good coach, you should ex- 
pect to pay $250 to $350 an hour, or 
about $2,700 a day, he adds. 

Was it worth it? “Absolutely,” 
McQuiston says. “Worth every cent.” 
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Smart managers don’t assign coaches to losers; they assign them to winners 
with great potential for growth. How can you tell if you or one of your staff 
would do well with a personal coach? Here’s what a good candidate 
for coaching looks like, according to Gwen Walsh, a coach at 
Ouellette & Associates Consulting. 


Thinks like a business leader 
Sees the big picture 


Acknowledges opportunities for 
self-improvement 


Semele camer 
alee etm Mal Lime cere 
Embraces change 
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any project through hard data rather 
than gut feel. Then they practice their 
soft skills. “When we took it back to 
the directors, we had to present that 
tactfully so they would accept it,” 
Moneysmith explains. “We didn’t want 
them to feel we were telling them how 
to do their jobs.” 

Moneysmith is stepping into her 
leadership role. She realizes that she 
has taken the coaching agenda out of 
Walsh's hands. “In the early meetings, 
I'd be rushing around making sure I 
got my action items done,” she recalls. 
“Now, I usually have an agenda.” 

“Blurting” has become so second na- 
ture that during departmental meet- 
ings, attendees turn to Moneysmith 
with an expectant “Aren’t you going to 
say anything?” 

“When she learned to blurt it out, it 
was like a light switch turned on, and 
she hasn't turned it off since,” Walsh 
says. 


MARCH 2005 


The project is nearly done. Walsh 
coaches the team on how to analyze 
findings, document their analysis and 
get buy-in from the departments on 
their methodology. Once the analysis is 
complete, they practice presenting the 
information to better handle difficult 
questions from the audience. 

In this final round, they are still 
simultaneously working on personal 
growth. Moneysmith’s new focus is 
delegating project tasks. 

“Gwen has helped me realize I can’t 
do everything,” she says. “She showed 
me how to stay connected but not do 
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Acts on advice 

Seeks clarification 
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Reflects on good and bad 
outcomes 
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the work — how I can still check up 
on it, but I don’t have to own it.” 


APRIL 2005 


The team gives its final presentation. 
“It went great — very smooth, and 
nothing they threw at us caused us any 
concern,” Moneysmith reports. A week 
later, after focusing on lessons learned, 
the group is ready for a new project. 

CIO McQuiston says the engage- 
ment was a big success. “I see a physi- 
cal difference [in Moneysmith],” he 
says. “I see a person who is more con- 
fident and more able to confront issues 
and ideas. She shows a lot more bold- 
ness, in a good way. 

“(The team] served up an end prod- 
uct that was on time, well organized 
and very useful,” McQuiston adds. 
“There’s no question the project was a 
success. It will serve as a guidepost for 
us developing our capital expenditure 
plan and everything else.” 

Everyone was impressed with the 
team, he adds. “And when I started to get 
‘Can they work on my project?’ I know 
there’s something positive happening.” 

Moneysmith knows it, too. “When I 
started out, I was kind of scared of the 
project; I hadn’t done something in 
this manner before. I questioned my 
ability and how everybody would re- 
act,” she recalls. “Now I don’t think I’m 
scared about tackling anything they 
throw our way.” @ 56055 


GET THE MOST FROM YOUR COACH 


Tips from a pro on how to get your money's worth: 
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alongside in “Readers Talk Back.” 


An industry group has asked me to 
% = do a speech. While flattering, it 
would be too much work, given the 

value to be gained by me or my organization. 
They are being very aggressive with their in- 
vitation, and I’m afraid that they may want 
to try to negotiate rather than take no for 
an answer. How do | say no politely without 
trashing the relationship? There are times 
when saying no is difficult without 
jeopardizing a professional relation- 
ship, especially when people are being 
very aggressive about their requests. 

In your case, telling the truth, the 
whole truth and nothing but the truth 
would probably be too harsh. At the 
same time, I’m not a big fan of little 
white lies. It’s best to stick to the facts. 

However, when people don’t want to 
take no for an answer, giving them too 
many facts is an invitation to a negotia- 
tion. They'll try to pin you down, prov- 
ing that you can do it after all. Before 
you know it, you'll not only be speak- 
ing at their conference, you'll also be 
hosting a panel and writing articles for 
their newsletter. 


MANAGERS 


FORUM 


The most effective approach is to 
stick to the facts about your own feel- 
ings. So I'd suggest a reply like this: 
“While I appreciate the invitation, I’ve 
already taken on a large number of 
commitments and don’t feel comfort- 
able taking on any more right now.” 

There won't be a discussion of how 
many commitments you have. It’s 
about your feelings about those com- 
mitments. Who can argue with that? 


When you have an outstanding 

employee and, because of the cor- 

porate rules, you can’t reward him 
with promotions and/or nonstandard salary 
increases, what do you do? There are 
many ways of rewarding outstanding 
performance, but before addressing the 
possibilities, let’s take a quick look at 
the options you mentioned, which are 
often overrated. 

In organizations where nonstandard 
salary increases are possible, they can 
be a great tool. For someone who con- 
sistently performs beyond expecta- 
tions, a salary boost can be a good way 
of recognizing the long-term value de- 
livered. But too often, I see managers 
eager to hand out salary increases as 
rewards for one-time greatness. Salary 
increases are gifts that keep on giving 
— and taking away. The employee is 
paid every year for something done 
long ago. But raises can also foster ex- 
pectations that every episode of great- 
ness will be met with a permanent re- 
ward. Bonuses may be a better way to 
go. One-time value delivery is reward- 
ed with one-time cash. 

Also, be careful when handing out 
promotions. Just because people per- 
form exceptionally in one position 
doesn’t necessarily mean that they’re 


ready for the next higher job. If a pro- 
motion transforms how someone deliv- 
ers value to the organization, it should 
be bestowed on someone who’s ready 
to accept the new responsibilities. 

So how can you reward your star 
performers? Here are a few ideas: 
® Cool work. Give the most interesting 
assignments to top performers who will 
love doing them. Include appropriate 
technical and managerial training. 
® Recognition. A public thank you and 
recognition of outstanding work can 
go a long way, especially if you com- 
bine it with some other reward. Recog- 
nition alone can seem a bit hollow. 
® Status symbols. While we don’t like to 
talk about this one, it can be remark- 
ably powerful. At heart, we are pack 
animals and have a strong desire to 
display our place in the pecking order. 
(Does a Mercedes get you to work any 
faster than a Chrysler?) 

What you need to do is figure out 
the status symbols in your company. 
The classics include office location, 
size, furnishings and configuration 
(such as a door). At one consulting or- 


} ganization I worked for, none of us had 


offices, so we had to find another way 
of showing rank. Status was denoted 
by cell phone. (Clearly, this was a 
while ago.) If the company issued you 
a phone, you were important. Then, 
within the cell-phone-bearing crowd, 
status was shown through phone size. 
The smaller the phone, the more im- 
portant you were. 

Silly as it may seem, people paid at- 
tention to this. So don’t underestimate 
the value of psychic rewards. 


| am the interface between IT and 

one major user group. How do | 

protect my personal reputation 
with my users when my department is doing 
a poor job delivering? Very simply: Don’t 
try. Most users can distinguish be- 
tween poor collective performance 
and poor individual performance. Just 
as most Americans love their own con- 
gressional representatives yet despise 
the collective U.S. House of Represen- 
tatives, your users can love you and 
hate your department. 

In fact, the harder you try to sepa- 
rate yourself from your delivery peo- 
ple, the more shrill and mercenary you 
will look. The more you call attention 
to yourself, the more you demonstrate 
to your users that you are more wor- 
ried about yourself and your image 
than you are about their problems. 

Just be consistently professional, 
acknowledge service problems, apolo- 
gize appropriately, and work to correct 
them. You'll be fine. @ 56051 
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No matter how —__ 
200d the outcome, if 
customers expected 
something different, 
the project is a failure. 


HE IT PROJECT WAS A SUCCESS. It was 

on time and on budget, and it did 

what it was supposed to. The only 

problem: The customer wasn’t happy. 

The project manager had provided 

written weekly status reports, just as 
the customer had requested, but he had missed the 
crucial second step: asking for feedback. The project 
manager learned too late that you can never assume 
you know what a customer is thinking — you have to 
ask. Because he failed to do that, the customer was 
resentful, says Naomi Karten, a principal at Ran- 
dolph, Mass.-based training and consulting firm 
Karten Associates. “The information [the customer] 
was given didn’t mesh with what he was looking for, 
[but] he didn’t take any steps to ask for what he really 
wanted,” she observes. 

Welcome to a world where even successful IT 
projects can be deemed failures if the customer ex- 
pected something other than what IT delivered. To 
survive and prosper, you have to learn how to man- 
age what customers expect. 

First, it’s important to understand how skewed ex- 
pectations arise. “Unreasonable expectations almost 
always come from a misunderstanding,” says Dan 
Bent, director of claims technology at The Nyhart 
Co., a financial services firm in Indianapolis. 


The sources of these misunderstandings are varied. 


Some are based on incorrect assumptions. “The ex- 
pectation is that IT is like the power company,” says 
Garrett Granger, CIO of office supply manufacturer 
Dixon Ticonderoga Co. in Heathrow, Fla. “{Users] ex- 
pect the lights to go on,” he says, “and the only time 
you hear from them is when the lights don’t go on.” 
History often raises false expectations, says Rick 
Giese, e-commerce development manager at Great 
Lakes Educational Loan Services Inc. in Madison, 





Wis. If a previous project didn’t go well, the cus- 
tomer’s expectations may be negative, he says, and 
no matter how well IT performs, it may not be able 
to overcome them. 

A directive from the top can create expectations that 
IT will have trouble meeting, says Nate Root, an analyst 
at Forrester Research Inc. Consider the sales execu- 
tive who decrees that his department needs a new 
system to track customers. Because the executive 
thinks he knows what's needed, he does no research, 
nor does he want IT to spend the time and money to 
develop good user requirements. IT is left having to 
fulfill expectations that have never really been vetted. 

Sometimes customers aren’t sure what they ex- 
pect. Especially with a large project that takes time 
to complete, expectations may evolve. “The technol- 
ogy doesn’t change as quickly as people’s minds 
change,” says Karten. 

Unattainable expectations may arise from outside 
the company, says Anita Leto, director of IT transfor- 


mation at consulting firm Ouellette & Associates Inc. 


in Bedford, N.H. The news media publish articles, 
vendors place ads, and trade shows provide rosy pic- 


Bioyey 


Developers like to add features to what they're de- 
veloping. “Gold plating” is what Rick Giese calls it. 
Beware of this, warns the e-commerce development 
manager at Great Lakes Educational Loan Services. 

For one thing, customers don’t like surprises, 
even so-called good ones. And while you might 
PES Ural e ee LCMe Om CMA Olimar 
Ce MENACE m ce meee a 

lee ame aecleie mete Climo Mire] 
snowball effect, according to Naomi Karten, prin- 
cipal at consulting firm Karten Associates. You run 
the risk of creating unreasonable expectations 
over the long term. 

“Customers expect what they are now receiving, 
and in a sense, they keep upping the ante,” she 
says. “Your good intentions can become a poten- 
elmer 

- Alan S. Horowitz 
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tures, all of which can foster unrealistic expectations. 
Customers expect plug and play. “That’s what the 
vendors at the conferences promise them,” she says. 

Finally, IT’s own expectations may be as off-target 
as those of users. The IT group may think that if it 
tells customers about a new application, they'll be 
eager to use it. But unless it obviously makes their 
jobs easier, customers may ignore it. “The average IT 
end user and the average IT producer have different 
expectations,” Root says. 

But you can manage expectations. Here’s how: 

Communicate carefully. Karten notes that it’s often not 
the work that IT does that riles customers; it’s the cus- 
tomers’ interaction with IT. So use unambiguous lan- 
guage. If the help desk commits to “respond” to a cus- 
tomer communication within four hours, the customer 
may think this means IT will solve the problem within 
four hours. But IT may think this means it will ac- 
knowledge a problem within four hours. “Both parties 
need the same understanding of what ‘respond’ 
means,” Karten says. 

Take the time to do it right. “The customer needs to be 
assisted in finding a reasonable set of expectations,” 
says Douglas C. Gilbert, director of Verizon Commu- 
nications Inc.’s operations for the U.S. Department of 
Energy. If IT doesn’t take the time early on to help 
the customer understand what’s reasonable and un- 
reasonable, he says, don’t be surprised when expec- 
tations turn out to be beyond IT’s capabilities. 

Don’t be a patsy. Push back against unrealistic direc- 
tives from on high, says Root. Don’t start the project 
until you know exactly what users really need. 

If you’re fighting negative expectations, try to build trust, 
says Virginia Robbins, managing director of IT and 
operations at Chela Education Financing in San Fran- 
cisco and a Computerworld columnist. That’s done 
through working closely with business customers to 
set priorities, requirements and scope. 

Keep expectations in sync by holding regular meet- 
ings in which senior IT and business executives hear 
project status reports from workers. “These appear 
to be time-consuming,” says Ellen Gottesdiener, prin- 
cipal consultant at EBG Consulting in Carmel, Ind., 
“but they save time by dealing with things upfront.” 

Stay current, warns Giese. Hold meetings at least 
weekly, if not more frequently. “If you’re a week off 
in expectations, it’s easier to get things righted than 
if you’re two months off and the client says, ‘This 
isn’t at all what I thought it would be,’” he says. 

Use pilot programs as a reality check, Gilbert says. “The 
pilot is set up as a joint program between business and 
IT,” he explains. A joint management committee sets 
scope, goals and metrics for the pilot, monitors it and 
verifies the results. “We use the pilot to collect data 
on which we can base realistic expectations,” he says. 

Don’t sugarcoat it. “One area where IT doesn’t do as 
good a job as it could is in communicating how long a 
project will take,” says Giese. If the job can’t be done 
within the time the customer wants, say so upfront. 

If customers’ expectations aren’t realistic, commu- 
nicate that to them, says Ann Smith, vice president of 
federal sales at Tumbleweed Communications Corp. 
in Redwood City, Calif. “It won’t get better,” she says, 
“so deal with it as soon as possible.” 56059 





Horowitz is a freelance business and technology writer 
in Salt Lake City. Contact him at alan@ahorowitz.com. 
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IT workers are a bit less confident than U.S. workers overail that they will hold 
on to their jobs throughout the next 12 months. (Seventy-seven percent of workers 
overall said it is unlikely that they will lose their job or see it eliminated.) 

But IT workers are more likely to look for a new job in the next 12 months. 
(For U.S. workers overall, 39% were likely to be looking and 50% were unlikely.) 


Likelihood of losing job or job Likelihood of looking for 
elimination in next 12 months new job in next 12 months 


Oia) 
tae) 
ikely 
unl 
nor likely 


BASE: A U.S. SAMPLE OF 2.789 EMPLOYED ADULTS. AGED 18 YEARS AND OLDER, OF WHOM 151 ARE EMPLOYED IN 
IT POSITIONS, THEY WERE INTERVIEWED IN A SERIES OF TWO POLLS CONDUCTED IN MAY 2005. 

SOURCE: SPHERION IT EMPLOYMENT REPORT. BASED ON DATA FROM AN ONLINE SURVEY CONDUCTED BY HARRIS 
INTERACTIVE ON BEHALF OF SPHERION CORP. 


INTEREST IN 
CS WANES 


@ Analyzing survey results from the Higher Edu- 
cation Research Institute at the University of Cali- 
fornia, Los Angeles, Jay Vegso wrote in the May 
issue of Computing Research News that the pop- 
ularity of computer science as a major among 
incoming freshmen at all undergraduate institu- 
tions has dropped significantly in the past four 
years and that the proportion of women who re- 
ported that they might major in computer science 
fell to levels unseen since the early 1970s. The 
percentage of incoming undergraduates indicat- 
ing that they would major in computer science 
declined by more than 60% between 2000 and 
2004 and is now 70% lower than at its peak in 
the early 1980s. 
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questions about landing a job in 
the network security field and 
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this column each month. 


I financed my own CISSP certificate 
for career advancement during a lay- 
off period, but | don’t have much pure 
security management experience, 


and my current career is wasting 
away my other network skills. How do 
I find a job in network security while 
working full time and without having 
10-plus years of experience? Some- 
times the best place to look is within your 
current company. An employee who is will- 
ing to learn new skills to improve himself 
and his organization is invaluable. 

Arrange an informational interview with 
key managers in the network security de- 
partment of your company. Discuss the op- 
portunities they have, and market the skills 
you can bring to the group. Remember, 
your knowledge of the organization, culture 
and people is an advantage you have over 
an external candidate. 


I’m pursuing a degree course in busi- 
ness IT. The course encompasses 
both business units and IT units. 
Which are the most viable career lines 
to opt for? Both business and IT career 
paths are viable. The business must under- 
stand how technology can provide busi- 
ness solutions, and technology must under- 
stand the business to provide those solu- 
tions. The employee who incorporates both 
disciplines is an asset to the company. 





Page compiled by Jamie Eckle. 


OURCING: THE OTHER INDIANS 


The Associated Press reported that 
outsourcing has come to American 
UE matte Lil melee ern Tem (eles 
recent AP story, an Indian-owned market- 
ing and Web design start-up on the Pine 
Ridge’Reservation in South Dakota called 
Lakota Express can.thank sloppy hand- 
writing for its outsourcing fortunes. Eight 
Lakota Express employees vet-the accura- 


w Even as the number of women in IT is 
declining in the U.S., it’s on the rise in 
India, according to Rediff.com, an Indi- 
an Web portal. The Infor- 
mation Technology Asso- 
ciation of America has 
found the number of 
women in IT to be on the 
decline in the U.S.., falling 
18.5% since 1996. Today, 32.4% 
of U.S. IT workers are women, 
the ITAA says. India can’t match that, 
since only 24% of its IT workers are 


rt Ta et 
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cy of electronic documents that are tran- 
scribed in China by workers who, although 

»y understand English, often have diffi- 

LOY A6 (e101 OA rg NOW Vnaleld (Ore eNIUAI LIOR 
The work amounts to reverse outsourcing 
UVa eca Onn ce Mme ROtclle Ameer es( 
that is itself in the employ of a U.S. busi- 
ness). And experts expect plenty more of 
such work to become available 


women, says India’s National Associa- 
tion of Software and Services Compa- 
nies. But the proportion of women in 
IT is growing in India, even 
as it's shrinking in the 
U.S. Nasscom says that 
women will account 
for 35% of Indian IT 
workers by 2007. And 
Madhumita Raghavan, an IT consultant 
in Bangalore, won't rule out the possi- 
bility of a50-50 male-female ra- 
tio within a few years. @ 55988 
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Dell Taps 12-Year 
IT Veteran as CIO 


SUSAN SHESKEY has been 
named CIO at Dell Inc. A vice 
president and 12-year veteran of 
the company’s IT operation, she 
had been serving as interim CIO. 
Sheskey’s management experi- 
ence at Dell includes service as 
vice president for global sales, 
services, manufacturing and 
fulfillment IT. 


Benzaken Gets Nod 
As TheLadders VP 


TheLadders.com Inc., a job Web 
site in New York, announced 

that ALAIN BENZAKEN has joined 
the company as vice president 

of technology. Benzaken will 
oversee all Web site operations 
and spearhead technology devel- | 
opment. He previously was an 
executive at Priceline.com Inc., 
serving most recently as vice 
president of development for in- 
ternational systems. Benzaken 
also spent 11 years at Prodigy 
Services Corp. 


Farmer Is Interim 
ClO at the FDA 


The U.S. Food and Drug Adminis- 
tration announced the appoint- 
ment of FRED FARMER as acting 
CIO following the departure of 
Jim Rinaldi, who will serve as CIO 
at the Jet Propulsion Laboratory. 
Farmer had been IT program 
director for the ClO’s office. 


Lemke to Lead 
IT at Schneider 


JUDITH A. LEMKE has been 
named executive vice president 
and CIO at Schneider National 
Inc., a provider of transportation, 
logistics and related services in 
Green Bay, Wis. Lemke joins 
Schneider National from Capella 
University in Minneapolis, where 
she served as CIO. Prior to that, 
she was vice president of the 
Midwest region at Born Informa- 





tion Services Inc., an IT consult- 
ing firm in Minnetonka, Minn. 


PAUL INGEVALDSON 





CEOs: Think ‘Through 
Your CIO Choice 


EAR CEO: During my 40-year career in 
the IT business, I met a lot of CIOs, and 
I became one myself. I observed two 
distinctly different types that I’ll call the 
activist CIO and the collaborative CIO. 
Although I think most CIOs use each approach at some 
time in their careers, each has a dominant type that 
determines how they generally approach their job. 
The activist is the CIO who has very strong opinions 
about the IT needs of the company and is willing to 


push the IT agenda and 
take responsibility for 
its deployment. 

The activist CIO is 
prevalent in IT turn- 
arounds or when manage- 
ment isn’t involved with 
the IT department’s proc- 
esses. Often, the marching 
orders for this type of CIO 
can be summarized by the 
dictum, “I want you to get 
in there and develop the 
systems you think we need 
to get this company run- 
ning smoothly.” 

This type of CIO thrives in compa- 
nies that are looking for operational 
systems necessary to replace costly 
and inefficient manual procedures. 
Managers within these companies are 
usually uninvolved in the IT process, 
and their expectations of the CIO are 
similar to their expectations of other 
department heads: Get the job done. 

In this type of environment, systems 
get developed more quickly because 
there is one decision-maker. The com- 
pany has passed its prerogative to IT to 
develop what is necessary. The down- 
side is that the CIO’s vision may not fit 
the strategic needs of the corporation. 
If that happens, the IT systems in the 
company will not be aligned to the 





company needs. 
The collaborative CIO, 

on the other hand, is 

the type of person who 

understands that although 

systems are developed 

by IT, they are used by oth- 

er departments. The col- 

laborative CIO is usually 

found in a company where 

management understands 

that IT systems are very 

strategic and that IT 

resources are limited. 

In this environment, the 

CIO is a member of the corporate 
strategic planning team that deter- 
mines IT needs based on the company 
strategy. The CIO functions as a tech- 
nology advocate, theorist and critic in 
order to assure that IT systems always 
support the corporate strategy as a 
point of reference. In most cases, the 
CIO reports directly to the CEO and 
sits “at the table.” 

Under this approach, systems pro- 
posals are presented to a committee 
representing all departments in order 
to assure that the right systems are 
developed. As a result, some systems 
may never be developed, but those 
that are should be the ones most need- 
ed by the corporation. 

If an activist CIO attempts to oper- 





ate in a collaborative IT environment, 
| 


there will be significant problems — 
and they’ll usually lead to a short 
career. Since the activist’s approach is 
decidedly all about IT’s vision, the de- 
ployment of systems will ultimately 
lead to resentment, lack of support 
and political turf battles — especially 
from those departments not included 
in the CIO’s plan. 

A collaborative CIO in an activist 
environment will also have a short ca- 
reer. In this case, a lack of interest and 
support will probably drive the collab- 
orative CIO from the company. This 
company will want the CIO to make 


all the calls, yet the CIO will attempt 


to achieve some form of consensus. 
Ultimately, the CEO will become frus- 
trated with this approach and see the 
CIO as weak and indecisive. 

In selecting the appropriate CIO for 


| your company, it’s essential that you 


determine the needs of your company 
and pick the proper type of CIO to 
fulfill those needs. 

Do you feel that IT is an operational 


| activity that should be managed by the 


IT department? If so, hire an activist 
CIO. Get a Top Gun type who feels 
“it’s my way or else.” 

If, on the other hand, you feel that 
IT is one of the most strategic 
weapons in your arsenal and you want 
your entire team to guide its use, hire 
a collaborative CIO. Get a business 
type who understands the business 
and knows how to build consensus 
around the IT agenda. 

If you choose correctly, systems will 
be created to fit the style of your com- 
pany. Choose wrong, and the CIO po- 
sition will continue to be a revolving 
door and systems development will 
continue to suffer. @ 55998 
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IT consulting firm with HQ in 

Atianta, GA has multiple open- 

ings for IT professionals to serve 

multiple clients throughout the 

U.S. Job duties include: Analy- 

sis, design, development and 

testing of computer applications. 

Specific skill sets needed in- 

clude 

+ Net developers JO-010 

+ J2EE developers JO-020 

* Data warehousing developers 
(Cognos/Informatica, Abinitio/ 
Business Objects) JO-030 

* Oracle Developers/DBA 
JO-040 

* Siebel Developers JO-050 

* ATG Developers JO-060 

+ Systems Administrators 
JO-070 

+ ERP Consultants - Oracle/ 
Peoplesoft/SAP JO-080 


Positions require either a B.S. 
degree in a related field and 1-2 
yrs. of exp. w/specific skill sets. 
Some entry level positions are 
available & require a M.S. deg- 
ree & related coursework or exp. 
Some senior level positions are 
also available & require 5 yrs. of 
progressive exp. Competitive 
salaries. Must be willing to travel 
irelocate. Send resume to 
bwinter@mdicareers.com. Refer’ 
to specific JO# for considera- 
tion. Applicants must have 
authority to work permanently in 
the U.S 


Senior Developer, Applications. 
Chicago, IL. Citadel Investment 
Group is currently seeking a 
qualified candidate to be re- 
sponsible for developing event- 
driven C++ UNIX server applica- 
tions receiving high-volume data 
flow for equity trading. Will work 
on AUTEX, quoting engines, 
electronic eyes, cancellation en- 
gines and high-speed exchange 
connectivity. 


Qualifications include a mini- 
mum of a Bachelor's degree in 
Computer Science or related 
field, or the foreign equivalent, 
and at least three years of C++ 
UNIX development experience 
Must also have experience with 
real-time development, including 
UNIX IPC mechanisms (sock- 
ets, shared memory), UNIX and/ 
or POSIX multithreading devel- 
opment, and experience devel- 
oping event-driven server appli- 
cations receiving high-volume 
data flow from scratch. 


Qualified candidates should 
submit a cover letter and 
resume, job reference R-0022, 


PORTUNITY EMPLOYER 


Software Engineers for Ei 
Segundo, CA Design & test 
software using Java, C, 
C++, VB, Winrunner, Tux-' 
edo, Eclipse, Corba, RMI, 
RUP. Masters or Equiva- 
lent** required in Math, Eng., 
info Systems or other relat- 
ed field of study + 1 yr of 
related exper. (**Equivalent: 
Bachelors or Equivalent + 5) 
yrs of progressive related 
work exper). Contact HR 
Manager HAI Associates, 
Inc. 880 Apolio Street Suite’ 
357 El Segundo, CA 90245. 


BS or equivalent. Skills 
ASP.Net, 82B, VB, Java, HTML, 
VB.Net, XSL, CSS, MS CMS, 
SSL & MS preferred. Good 
wage. Travel required for some 
jobs. Apply at 
lobjectwin.com. EOE. No calls. 


Will manage existing computer’ 
network, design & expansion of| 
wired and wireless broadband 
communication network, super- 
vision of network staff, provide 
guidance to the field personnel 
in using communication test 
equipment such as spectrum 
analyzers, network analyzers 
and wireless sniffers; bench- 
mark and improve existing net- 
work, maintain specifications 
update documentation on as 
needed basis, conduct inter- 
views and contact cooperative 
customers for the purpose of 
communicating services and 
distribute _ policy. Masters 
Degree in Telecommunications 
or Computer Engineering, 9 
months experience required with 
at least 6 months in advanced 
wireless phased array antenna 
technology. Competitive wages, 
40 hrs a week, Please send 
resume to: HR, ColumbiaREA, 
115 E. Rees Avenu, Walla Walla, 
WA 99362 


er 


| Immediate opening for 

SOFTWARE ENGI- 
NEER: Software de- 
| velopment company in 
| Trabuco Canyon, CA. 
Fax resume to A1 
| Alpha Space, Inc. at 
(949) 713-4671. 


Software Engineer: McData 
seeks applicants for the position 
of Software Engineer in Broom- 
field, CO. Engage in analysis, 
design, programming, debug- 
ging and maintaining enterprise 
application software. Require- 
ments include a master's de- 
gree in computer science, work- 
ing knowledge of Java design at 
a production level, object-ori- 
ented programming and design, 
J-Builder, UML, XML and 
Eclipse. Respond by resume to 
Cherie Henket, McData, 4555 
Great American Parkway, Santa 
Clara, CA 95054. 


Systems Analyst Ill 


Provide support for Oracle/ 
UNIX-based applications in 
Solaris. Administrate oracle 
database including OEM, 
RMAN, OAS. Code, test ap- 
plications using Perl, C, XML, 
Unix scripts. Requires a M.S. 
in C.S. or related field with 1 
yr related exp. Apply to: 
Lamar State College-Orange, 
410 W. Front St., Orange, TX 


77630. Go to www.isco.edu 
for detail. EO/TSUS institu- 
tion. 


Computer Software En- 
gineer w/exp. in design- 
ing/developing services 
for large-scale enter- 
prise application inte- 
gration to work in New 
Orleans, LA. SAIC, 
please apply for the 
position online at 
www.saic.com. Must ref 
job code ARM123493. 


Software Project Manager need- 
‘ed w/Masters in Engg or Comp 
Sci or Math & tyr exp to plan, 
organize, direct & coord d/base 
drive s/ware applics dvipd using 
Oracle, JSP, J2EE & OC4J 
Dsgn, dvip & create s/ware ap- 
plic in Java, PL/SQL, Serviets, 
EJBs, Apache, VB, FTP & SMTP) 
accdg to industry standard tech- 
niques, principles & s/ware dsgn 
patterns. Gather sysim reqmts 
from clients & translate these 
reqmts to in-house dvipmt team 
& assure speedy impimtn & 
problem resolution. Dvip, main- 
tain & track s/ware enhance- 
ment production records. Dvip 
s/ware for recruiting technolo- 
gies. Provide network admin in 
wireless (Bluetooth, mobile) 
technologies & network security. 
Supv 2 Prgmrs. Mail resumes to: 
Aigomod Technologies Corp 
116 John St, Ste 1406, NY, NY 
10038. Job Location: NY, NY. 


Programmer Analyst - Design, 
develop, test wireless mobile 
handheid-PDA software applica- 
tions using Appforge MobileVB, 
SQL Anywhere Studio, Manage 
Anywhere Studio, Microsoft Win- 
dows CE; program for synchro- 
nization, staging, scanning, im- 
aging, modem, wireless & print- 
ing. Req Bachelor's dgr in CS or 
related with 2 yrs work exp. 
Software Engineer - Analyze, 
design, develop web applica- 
tions & tools for Distribution sys- 
tems using Websphere, Velocity, 
Java, RMI, Domino, JavaScript, 
HTML, DB2, Sybase, XML; inte- 

ration with DB2 Database & 

lored Procedures on AS/400 
Req Master's dgr in CS or relat- 
ed with 4 yrs work exp. 

EOE, Drug free, Smoke Free. 


Send resume to Anderson News 
LLC, Attn VP of IT, PO Box 
52570, Knoxville, TN 37950- 
2570. 


Seeking qualified applicants for 
the following position in Prince- 
ton, NJ: Programmer/Analyst 
Design, develop, configure 
code, implement, edit, and 
maintain user application pro- 
grams. Modify existing applica- 
tion and provide systems sup- 
port. Analyze user's requirement 
to enhance system perfor- 
mance. Req. BS or equivalent in 
CS, CIS, MIS, ME, EE, CE or 
related field with 5 yr. exp. in job 
offered. Must be proficient in 
ERP, SAP and PeopleSoft. 
Willing to re-locate in USA as 
needed. Send resume to 
kumar@e-zery .com. 


Wanted a Programmer Analyst 
for Asterix Consulting Inc, job 
location is Manhattan, New 
York, with a Masters in Com- 
puter Science or equivalent de- 
gree with four (4) years of tech- 


6/ASP, Oracle 9i and SAP 
Business Warehouse. Salary 
$75,000 per annum and all 
standard benefits. Please apply 
to info@asterixusa.com or mail 
two copies to HR Manager, 303 
Fifth Avenue, Suite 1301, New 
York, NY - 10016. 


Documentum Developer’ 
wiexp. in software pro- 
gramming in a health- 
care and energy envi- 
ronment. Send resume 
to Wanda  Collins- 
Raleigh, SAIC, 11490 
Westheimer Bivd., 10th 
Fl., Houston, TX 77077. 
Must ref job code 
ARM109221. 


Computerworld 


COMPUTER - Software Art 
Corp., a s/w consulting firm, 
seeks exp. s/w professionals for 
its clients nationwide 

S/W ENGINEERS: 

-- Oo programming, MVC, XML, 
XSLT, Weblogic, PL/SQL, Orac- 
le, LDAP, Cryptography, Win/ 
Unix/Solaris for financ'l & e-com 
appl. CICS Transaction Gate- 
way to integrate w/mainframe. 

-~ Java, Oracle, Apache, Web- 
logic, SQL, Webservices for 
Enterprise level multiple finan- 
cial sys in investment mgmt env- 
iron. 

ERP PROJ. MANAGERS - 
TECH 

-- ERP impli in higher edu envi- 
ron. Lead tech proj w/SCT Ban- 
ner s/w, integrate ERP w/legacy 
using EAI technologies. 

Send resume to: HR Software 
Art Corp. 3371 Lawrence Com- 


Sr. Systems Analyst, Pension 
Plans, Greenwich, CT (2 posi- 
tions): Coordinate install + tests 
of computer op. system software 
for small software dvipmnt co. 
for actuaries; maintain/modify 
benefit pension plan software; 
enter code; analyze perform- 
ance indicators; review system 
capabilities/workflow; perform 
user training for software prod- 
ucts. May supervise IT staff. 
Skills used: ASP, HTML, C++, 
MS Office, SQL Server + Win- 
dows Server env. Must: MA (or 
equiv) in Comp. Sc., Info Syst- 
ems, or Math plus 2 yrs. exp, 
which included programming of 
benefit pension plans; will also 
accept BA (or equiv) plus 5 yrs. 
exp. (2 of which included pro- 
gramming of benefit pension 
plans). Fax Resume to B. Sisko, 
Winklevoss, 203-861-5561 


Radianz seeks Hosting Adminis- 
trator/Application Engineer to 
administer & manage Enterprise 
Monitoring Systems such as HP 
Open View, Smarts Incharge, 
Veritas Netbackup, Open View 
Internet Services, Network Node 
Manager, & Content Verification 
System in 24x7 operating env't. 
Bachelor's in Eng or CS & 2 
years exp in network admin, 
mgmnt & config req'd. Prior exp 
must incl. admin. & maintenance 
of HP Open View Vantage Point 
Operation & Smarts Incharge. 
Must be avail. to wrk nights, 
weekends and/or holidays as 
req'd. Nutley, NJ. Send resumes 
to Radianz, P.O. Box R-4, 71 
Fifth Avenue, Fl 5, New York, NY 
10003. Please ref. Code 
CW805IK. 


Software Engineer needed w/ 
Bachelors or Foreign Equiv in 
Engg. or Comp. Scie. or Math & 
2 yrs exp to analyze, design, 
develop & customize web based 
applic. using C#, ASP.NET, ASP, 
VB, COM, JavaScript & HTML. 
Create XML based web servic- 
es. Generate reports using Crys- 
tal Reports. Perform designing & 
data modeling using Microsoft 
Visio. 2 yrs exp as a Program- 
mer Analyst is acceptable. Mail 
Resumes to: Open Systems 
Tech Inc., 225 W. 34 St., Ste 
#1715, NY, NY 10122. Job loc: 
NYC or in any unanticipated 
locations in U.S.A. 


Computer: Software 
Engineer (Pervasive 
& SQL RDBMS). Mail 
to William Stucky & 
Assoc., attn: HR, 2 
Embarcadero Ctr, 
#2220, San Francis- 
co, CA 94111. 
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Continued from page 1 


NU has a separate contract 
with IBM to convert cus- 
tomer data from the IDMS 


——— | and flat-file VSAM CIS data- 


the company looked at pack- 
aged CIS offerings from ven- 
dors such as SAP AG and SPL 
WorldGroup Inc. But, he not- 
ed, it would have cost NU an 
estimated $140 million-plus 
to purchase and install such 
packaged CISs and develop a 
common set of customer ser- 
vice business proc- 
esses. 

By customizing 
and enhancing the 
older IBM CIS al- 
ready used by its 
Yankee Gas Ser- 
vices Co. sub- 
sidiary, NU ex- 
pects to pare those 
costs to roughly 


£ 
The total 


bases that are being consoli- 
dated, said Domenic Gugli- 

otti, IT project manager for 

| NU’s CIS group. 


Customized Savings 

The packaged CISs that NU 

reviewed were scalable and 

worked on both distributed- 
computing and 
mainframe plat- 
forms, according 
to Gugliotti. 

“But the total 
cost of the system 
wasn’t going to 
deliver sufficient 

A incremental value 
above what we 
were spending on 





60% of what it 
would have spent 
on an external 
package, Charette 
said. 

NU has hired 
IBM and India- 
based Infosys 
Technologies Ltd. 
to provide about 
20 on-site contrac- 
tors and 50 to 70 
offshore workers 
to design and de- 


4 cost of [a 
packaged CIS] 
wasn't going to 
deliver sufficient 
incremental value 
above what we 
were spending 
on [customizing] 
the IBM system. 


DOMENIC GUGLIOTTI, 
IT project manager, 
Northeast Utilities 


the IBM system,” 
he said. For in- 
stance, NU plans 
to introduce a 
new rate plan for 
some of its busi- 
nesses starting 
in 2007, and the 
IBM CIS already 
supports those 
requirements, he 
said. 

The cost to in- 
stall a new pack- 


velop the new sys- 

tem. About 70 NU IT and cus- 
tomer service managers and 
staffers are also working on 
the project, he added. 


aged CIS often 
runs at about $50 per cus- 
tomer for energy companies, 
said Rick Nicholson, an ana- 
lyst at market research firm 





Energy Insights, a division of 


| IDC. Since NU has 2 million- 


plus customers and plans to 


| do a substantial amount of CIS 


customization, “it’s altogether 
possible that a new CIS sys- 


| tem would end up costing it 


upwards of $140 million,” said 


| Nicholson. 


Because NU is revamping 
its existing IBM CIS, the esti- 


| mated price tag for its cus- 


tomer service integration 
efforts still falls “below the 
industry average,” Nicholson 


| added. 


NU plans to put the new 


| business processes for the 





| CIS into production for its 
| customer service teams at The 
| Connecticut Light and Power 


Co., Yankee Gas and Western 
Massachusetts Electric Co. by 
March 2007 and at its Public 
Service of New Hampshire 
subsidiary by October of that 


| year, said Charette. 


Development of a set of 
new system has already been | 
completed (see related story, 
below). 

Gugliotti said the develop- 


ers of the updated system have | 


been able to reuse code from 


other NU applications by us- 
ing enterprise application in- 
tegration software from Web- 


| Methods Inc. 


Peripheral systems being 


| interfaced into the CIS will 


provide natural speech recog- 
nition, integrated voice re- 
sponse, Web self-service and 


| telephony capabilities, said 


Charette. @ 56324 


| MORE THIS ISSUE 


t recent advances in 
natural speech recognition applications 
for customer service call center systems, 


| please turn to page 25. 


User Input Key to Success of NU Integration Project 


HARTFORD, CONN 
A key piece of Northeast Utili- 
ties’ mammoth customer service 
integration project is the creation 
of a common set of customer 
service processes. 

The utility sought to develop 
a procedure that would let ser- 
vice representatives resolve 
problems for customers of any 
one of its four business units. 

The effort that was completed 
earlier this year and the process- 
es that will be put into practice 
next year were drawn from best 
practices suggested by line 
managers and executives from 
each of NU’s subsidiaries, said 
Kevin Charette, project director 
for the customer service integra- 
tion project at NU. The project's 


developers created about 70 
distinct processes, he said. 

“In the beginning, it was con- 
sidered daunting because we 
were taking business practices 
from four different companies,” 
said Charette. “But we worked 
through all these issues.” 

The successful creation of 
the process was achieved, in 
part, by layering the customer 
service integration project team 
with managers and staff from 
the four operating companies. 
Pinnacle Call Center Solutions 
in Lake Forest, Calif., helped NU 
identify best practices across 
those business units, said 
Charette. 

“We took this very, very seri- 
ously,” said Domenic Gugliotti, 


IT project manager for the CIS 
group. 

NU is planning to add up to 
100 temporary customer service 
representatives late next year so 
that its existing reps can take 
turns being trained on the re- 
vised CIS. “You have to fly the 
airplane while you're changing 
the engine.” said Charette. 

The consolidation of six call 
centers into two virtual centers 
should result in a 20% reduction 
in NU's customer service staff, 
said Charette. Most, if not all, of 
the reductions, which will affect 
managers, salaried staff, cus- 
tomer service reps and IT work- 
ers, will be made through attri- 
tion, said Charette. 

- Thomas Hoffman 





Germany Launches IT Security Initiative 


Interior minister 
says companies 
need to do more 
to protect systems 


BY JOHN BLAU 
The German government, 
looking to better protect the 
country’s systems from virus- 
es and other attacks, last week 
announced a national IT secu- 
rity plan that includes the es- 
tablishment of a computer 


emergency response center. 
The plan, unveiled Thurs- 
day in Berlin by Interior Min- 
ister Otto Schily, emerged as 
Germany is struggling to come 
to grips with increasing at- 
tacks on IT systems in both 
the public and private sectors. 
“We must deal with threats 
of a new quality and quantity,” 
Schily said at a news confer- 
ence, adding that the country 
as a whole still isn’t fully aware 
of the harm that can be caused 
by cyberthreats like viruses, 


| 








worms and phishing attacks. 

The lack of commitment by 
many German companies to 
IT security is worrying, Schily 
said. Some corporate execu- 
tives wait until they have an 
acute problem before taking 
steps to improve their IT de- 
fenses, he noted. Home users 
also underestimate the need to 
safeguard systems, the minis- 
ter warned. 

The government’s “National 
Plan to Protect IT Infrastruc- 
tures” has three major goals: 





preventing attacks, enabling 
swift responses to ones that 
do occur and encouraging the 
widespread adoption of com- 
mon security practices. 
The Federal Office for Secu- | 
rity in Information Technolo- 
gy, known by its German acro- 
nym BSI, will play a key role 
in the effort by developing and | 
implementing new security 
standards within the public 
sector and publishing guide- 
lines for corporate users. 
Schily said the BSI will also 
house the new computer 
emergency response center, 


| 


which will collaborate with IT 
security services vendors. The 
center’s planned responsibili- 
ties include sending e-mail 
alerts about potential threats 
and responding to attacks via 
a technical support hot line. 
Schily called Germany’s 
plan the first of its kind in the 
European Union and said he 
hopes that other members will 
be encouraged to follow the 
country’s lead with similar ini- 


tiatives. @ 56351 


Blau writes for the IDG 
News Service. 
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Lessons Not Learned 


HAT HAVE WE learned from the current stam- 
pede of Windows-infecting worms with names 
like Zotob, Esbot, Bobax and Spybot (see story, 
page 1)? First lesson: If you want to raise public 
awareness about a tired old subject like computer 
worms, just gore the oxes of reporters and editors at CNN, The New 
York Times, The Associated Press and ABC News. There’s nothing 
like personal pain to freshen up a story. In CNN’s case, there’s noth- 
ing like having it happen on live TV. 
Second lesson: Uh, is there a second lesson? 


Probably not. After ail, we already knew that 
the most common security hole is a buffer that 
can overflow if the code filling it doesn’t check 
for input length. That’s the programming flaw 
that these worms exploit — a flaw that’s been 
around since 1988, when the notorious “Morris 
worm” brought a much smaller Internet to its 
knees with a buffer overflow attack. 

We already knew that it’s a good idea for 
vendors to release patches as soon as vulnera- 
bilities are made public. To Microsoft’s credit, it 
shipped a patch the day it announced the secu- 
rity hole. (But no points to Microsoft for ship- 
ping products with the hole in the first place.) 

We already knew that stretched-thin IT staffs 
have a tough time applying those patches 
quickly, because it takes time to test and then 
roll them out to servers and desktop PCs. 

We already knew that publishing exploit code 
that can easily be pasted into worm programs is 
not helpful. Well, it’s helpful to worm writers, 
but not to the rest of us. Such code was report- 
edly published on a security Web site the day 
after Microsoft got its patch out the door. Three 
days later, the Zotob worm was in the wild, in- 
fecting Windows machines. 

We already knew that worm writ- 
ers both share information and 
compete with one another. It’s no 
great surprise that within hours, 

Zotob was joined by other worms 
exploiting the same hole — and 
hammering away at Windows users. 

So maybe there just isn’t a lot to 
learn from this round of being over- 
run by worms. 

But isn’t it time we stopped treat- 
ing worm outbreaks as learning 
experiences? 

Isn’t it time for Microsoft to stop 
selling operating systems with 





buffer overflow security holes? That wouldn’t 
require bug-free programming — just looking 
for and eradicating one particular kind of bug. 

Yes, Microsoft is trumpeting that Vista (nee 
Longhorn) will be safe from buffer overflows 
when it ships next year. Then again, that prom- 
ise was originally based on Longhorn using 
.Net, which automatically checks buffers every 
time they’re accessed. But now Microsoft re- 
portedly has replaced most uses of .Net in 
Longhorn/Vista with code written by hand. 
That’s so Vista can meet its 2006 deadline — 
secure or not. 

And isn’t it time for Microsoft’s partners and 
competitors, whether proprietary vendors or 
open-source projects, to eradicate all buffer 
overflows too? This isn’t brain surgery — it’s 
more like good hygiene. For new code, it’s 
simple: Just make sure every buffer access is 
checked. Existing code is a bigger pain, but if 
we found every reference to a two-digit year 
during the run-up to Y2k, we can find every 
buffer access. 

Finally, isn’t it time corporate IT stopped ac- 
cepting buffer overflow bugs from any pro- 
grammer — vendor, consultant or in-house? It’s 

not impossible, or even difficult. 
Every programmer knows how to 
write software that doesn’t have 
this bug. Every enterprise deserves 
software that doesn’t expose the 
business to attacks, downtime and 
financial loss. 

It’s time to demand business- 
quality code — the kind our man- 
agement should expect from a 
business-quality IT shop. 

Otherwise, we’ll just be showing 
that when it comes to buffer over- 
flow attacks, we’ve really learned 
nothing at all. @ 56294 
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Out to Lunch 


It's the late 1980s, and this pilot fish’s boss at a non- 
profit agency has a brainstorm. “He wanted to provide 
amenu-driven telephone system that would let local 
boaters and fishermen call in for information on river 
levels,” says fish. “I was invited to a lunch with the lo- 
cal phone company to discuss it. Being new to the 
project, | started by asking what percentage of the tar- 
geted rural population had touch-tone phone service 
- amust-have for menu-driven phone systems. As | 
remember, the chicken salad was delicious and the 


Geaear TANK Seanen. 
feature: a search company take a 


box in the top right ; test for computer skills, 
corner of every page.  * says a manager pilot 
“Wanting some user 





73% of the FORTUNE 100° and 76% 
of the European 100 compared business 
collaboration providers and came to 
a single conclusion. 


tangs Hit 


Obviously, great 
minds think alike. 


Many of the world’s most successful organizations rely upon Sterling Commerce to automate their business 
processes, so they can exchange critical information with their trading partners, subsidiaries and customers. 
Reliably. Securely. And regardless of the application being used. Sterling Commerce delivers the first platform to 
meet all the complex challenges of real-world multi-enterprise collaboration. Find out what so many companies 
already know. Speak to a Sterling Commerce representative today. Or visit www.sterlingcommerce.com 


BUSINESS APPLICATIONS BUSINESS INTEGRATION BUSINESS INTELLIGENCE BUSINESS PROCESS MANAGEMENT SOLUTION DELIVERY 


( sterling commerce 


©2005 Sterling Commerce, Inc. ALL RIGHTS RESERVED. Sterling Commerce and the Sterling Commerce logo are trademarks of Sterling Commerce, Inc. Sterling Commerce is an SBC Communications, Inc 
company. FORTUNE is a registered mark of Time Inc. 





Oracle Database 


— #1 Database 
0 


For Small Bus 


Easy to use. Easy to manage. 
Only $149 per user. 








oracle.com/standardedition 
or call 1.800.633.0753 


Terms, conditions, and limitations apply. Pricing, specifications, availability and terms of offers may change without notice. Taxes, fees and shipping charges 
extra, vary and are not subject to discount. Oracle Database Standard Edition One is available with Named User Plus licensing at $149 per user 
with a minimum of five users or $4995 per processor. Licensing of Oracle Standard Edition One is permitted only on servers 
that have a maximum capacity of 2 CPUs per server. For more information, visit oracle.com/standardedition 


Copyright © 2005, Oracle. Oracle, JD Edwards, PeopleSoft and Retek are registered trademarks of Oracle Corporation and/or its affiliates. 
Other names may be trademarks of their respective owners. 








